CVE-2026-25230
Undergoing Analysis Undergoing Analysis - In Progress
HTML Injection in FileRise WebDAV Server Allows DOM Manipulation

Publication date: 2026-02-09

Last updated on: 2026-02-19

Assigner: GitHub, Inc.

Description
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-09
Last Modified
2026-02-19
Generated
2026-05-07
AI Q&A
2026-02-09
EPSS Evaluated
2026-05-05
NVD
CVE-2026-25230
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
filerise filerise to 3.3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-116 The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an HTML Injection issue in FileRise, a self-hosted web file manager and WebDAV server. Before version 3.3.0, an authenticated user could inject HTML code into the web interface, allowing them to modify the Document Object Model (DOM). This could include adding form elements that interact with certain endpoints or adding link elements that redirect users when they interact with them.


How can this vulnerability impact me? :

The impact of this vulnerability includes the potential for an authenticated user to manipulate the web interface in ways that could lead to unintended actions or redirections. Although it does not directly compromise confidentiality, it can affect the integrity and availability of the system by allowing injection of malicious HTML elements that could trick users into performing actions or redirect them to malicious sites.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade FileRise to version 3.3.0 or later, where the HTML Injection vulnerability has been fixed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart