Unrated severityNVD Advisory· Published Feb 9, 2026· Updated Feb 10, 2026

FileRise affected by HTML Injection using color property in file tags

CVE-2026-25230

Description

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.

Affected products

Error311/Filerisev5
Range: < 3.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/controllers/FileController.phpmitrex_refsource_MISC
github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/models/FileModel.phpmitrex_refsource_MISC
github.com/error311/FileRise/releases/tag/v3.3.0mitrex_refsource_MISC
github.com/error311/FileRise/security/advisories/GHSA-h8fw-42v6-gfhvmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000