PT-2025-48574 · Filerise · Filerise

Published 2025-12-01 · Updated 2026-01-07 · CVE-2025-66403

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FileRise versions prior to 2.2.3
Description: FileRise is a self-hosted, web-based file manager. Versions before 2.2.3 contain a stored cross-site scripting (XSS) vulnerability caused by improper handling of uploaded SVG files. The application accepts user-supplied SVG uploads without sanitizing or restricting embedded script content and later serves them from its own origin. SVG is an XML format that can carry inline <script> elements, event-handler attributes such as onload, and javascript: URLs; when such a file is opened in the browser as a document within the application (rather than as an <img>, where browsers do not run script), the payload executes in the application's origin with the viewing user's session, which makes this a full stored XSS. The CVSS vector reflects this: an authenticated user (PR:L) uploads the file, a victim must open it (UI:R), and the impact lands in the victim's browser session rather than in the file store itself (S:C).
Recommendations: Update to version 2.2.3 or later. Where the upgrade cannot be applied immediately, serving uploaded SVGs with Content-Disposition: attachment, or inline only under a Content-Security-Policy with the sandbox directive or from a separate, cookieless origin, keeps script in the file from running in the application's origin (general hardening guidance for uploaded SVGs, not a measure described for this product).
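The block below is an added example, not FileRise's own code, of the two controls the description implies are missing: an upload-time check that parses the SVG and reports or strips inline <script> elements, on* event-handler attributes, javascript: URLs and <foreignObject> HTML, and a set of response headers that keeps even a stored SVG from executing in the application's origin. The sample SVGs, the size limit and every function name are constructed for this example.

```python
"""Check, sanitise and safely serve user-uploaded SVG files.
Illustrative code (not FileRise's); sample inputs are constructed."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)       # keep a clean default xmlns on re-serialisation
ET.register_namespace("xlink", XLINK_NS)

# Elements that run script or smuggle HTML when the SVG is rendered as a document.
# animate/set can retarget href to javascript: via SMIL on older engines.
ACTIVE_TAGS = {"script", "foreignObject", "animate", "set", "handler"}
# Attributes that carry URLs; a javascript: or data:text/html value is active content.
URL_ATTRS = {"href", "{%s}href" % XLINK_NS}
MAX_SVG_BYTES = 2 * 1024 * 1024  # assumed limit; guards the parser against entity bombs

# Constructed inputs for the example.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>alert(document.cookie)</script>
  <a xlink:href="java&#10;script:alert(1)"><circle r="10"/></a>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(1)"/></body></foreignObject>
</svg>"""
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 10 10">
  <a xlink:href="https://example.com/"><rect width="10" height="10" fill="#08f"/></a>
</svg>"""


def _local(name: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def _is_active_url(value: str) -> bool:
    """Browsers ignore whitespace/control characters inside the scheme, so remove
    them before comparing ('java\\nscript:' is still javascript:)."""
    v = re.sub(r"[\x00-\x20]", "", value).lower()
    return v.startswith(("javascript:", "vbscript:", "data:text/html"))


def _active_attrs(el: ET.Element) -> list[str]:
    """Names of attributes on `el` that are event handlers or active URLs."""
    hits = []
    for attr, value in el.attrib.items():
        name = _local(attr)
        if name.lower().startswith("on") or (attr in URL_ATTRS and _is_active_url(value)):
            hits.append(attr)
    return hits


def find_active_content(svg: bytes) -> list[str]:
    """Return findings for an uploaded SVG; an empty list means nothing active was seen.
    Note: xml.etree does not resolve external entities but is still exposed to entity
    expansion; in production parse with defusedxml or an equivalent hardened parser."""
    if len(svg) > MAX_SVG_BYTES:
        return ["file exceeds size limit"]
    try:
        root = ET.fromstring(svg)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        return [f"root element is <{_local(root.tag)}>, not <svg>"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"element <{tag}>")
        for attr in _active_attrs(el):
            kind = "event handler" if _local(attr).lower().startswith("on") else "active URL in"
            findings.append(f"{kind} {_local(attr)} on <{tag}>")
    return findings


def sanitize_svg(svg: bytes) -> bytes:
    """Remove active elements and attributes and re-serialise the document.
    Raises ValueError if the input is not a well-formed <svg> document."""
    try:
        root = ET.fromstring(svg)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    for el in list(root.iter()):          # snapshot: we mutate the tree while walking it
        for child in list(el):
            if _local(child.tag) in ACTIVE_TAGS:
                el.remove(child)
        for attr in _active_attrs(el):
            del el.attrib[attr]
    return ET.tostring(root, encoding="utf-8")


def safe_svg_response_headers(filename: str, inline: bool = False) -> dict[str, str]:
    """Headers for serving a stored SVG: download by default; if an inline preview is
    required, the CSP sandbox directive gives the document an opaque origin and no
    script, so a payload that slipped past sanitisation cannot reach the app's session."""
    safe_name = re.sub(r"[^\w.\-]", "_", filename)   # keep quotes/newlines out of the header
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; script-src 'none'",
        "Content-Disposition": f'{"inline" if inline else "attachment"}; filename="{safe_name}"',
    }


if __name__ == "__main__":
    for label, data in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, find_active_content(data))
    print(sanitize_svg(MALICIOUS_SVG).decode())
```

The check and the headers are deliberately independent: reject or strip at upload time, and still serve every stored SVG as a download or inside a sandboxed document, so that a bypass of the parser (or a file that predates the fix) cannot run in the application's origin.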

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2025-66403, GHSA-QRCV-VJVF-FR29

Affected Products: Filerise