FileRise affected by HTML Injection using color property in file...

4.6 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Description

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.

Basic Information

ID CVE-2026-25230

Source GitHub_M

Published Feb 9, 2026 at 18:32

Modified Feb 9, 2026 at 18:33

Affected Product

Vendor error311

Product FileRise

Version < 3.3.0

Affected Versions error311 FileRise < 3.3.0

CWE Classification

CWE-79 CWE-116

References

{
    "lastseen": "",
    "description": "FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.",
    "published": "2026-02-09T18:32:09.795Z",
    "modified": "2026-02-09T18:33:36.297Z",
    "type": "cve",
    "title": "FileRise affected by HTML Injection using color property in file tags",
    "source": "GitHub_M",
    "references": "https://github.com/error311/FileRise/security/advisories/GHSA-h8fw-42v6-gfhv\nhttps://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/controllers/FileController.php#L4016-L4058\nhttps://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/models/FileModel.php#L3146\nhttps://github.com/error311/FileRise/releases/tag/v3.3.0",
    "id": "CVE-2026-25230",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-116"
    ],
    "cvelist": null,
    "sourceData": "error311 FileRise < 3.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FileRise",
    "version": "< 3.3.0",
    "vendor": "error311",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

FileRise affected by HTML Injection using color property in file tags_CVE-2026-25230