Description

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue.

INFO

Published Date :

2025-12-16T16:43:30.338Z

Last Modified :

2025-12-16T21:38:03.188Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68116 vulnerability.

Vendors Products
Filerise
  • Filerise
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68116.

URL Resource
https://github.com/error311/FileRise/security/advisories/GHSA-35pp-ggh6-c59c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact