Bytetyson

**Name of the Vulnerable Software and Affected Versions** FileRise versions prior to 3.3.0 **Description** FileRise is a self-hosted web file manager / WebDAV server. An HTML Injection issue allows an authenticated user to modify the Document Object Model (DOM) and add elements, such as form elements that call certain endpoints or link elements that redirect the user upon interaction. The issue is exploitable by modifying the DOM. **Recommendations** Update to version 3.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** FileRise versions prior to 3.3.0 **Description** FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0 have an unauthenticated file read issue because of missing access control on the `/uploads` directory. Files uploaded to this directory can be directly accessed by anyone who knows or guesses the file path, without authentication. This could lead to sensitive data exposure and privacy breaches. **Recommendations** Update to version 3.3.0 or later.