PT-2026-7133 · Filerise · Filerise

Bytetyson · Published 2026-02-09 · Updated 2026-02-09 · CVE-2026-25230

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: FileRise versions prior to 3.3.0

Description: FileRise is a self-hosted web file manager / WebDAV server. An HTML Injection issue allows an authenticated user to modify the Document Object Model (DOM) and add elements, such as form elements that call certain endpoints or link elements that redirect the user upon interaction. The issue is exploitable by modifying the DOM.

Recommendations: Update to version 3.3.0 or later.

Exploit

Fix

Improper Encoding or Escaping of Output

XSS

Weakness Enumeration

Related identifiers

CVE-2026-25230
GHSA-H8FW-42V6-GFHV

Affected products

Filerise