What is CVE-2026-25230?

CVE-2026-25230 is a medium-severity vulnerability in Error311 Filerise, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2026-02-09.

How severe is CVE-2026-25230?

Medium severity. CVSS v3 base score is 4.6 out of 10.

XSS in Error311 Filerise

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirec…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (18.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L.

Affected products

Error311 Filerise — versions < 3.3.0

Weakness classification (CWE)

References

https://github.com/error311/FileRise/security/advisories/GHSA-h8fw-42v6-gfhv (x_refsource_CONFIRM)
https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/controllers/FileController.php#L4016-L4058 (x_refsource_MISC)
https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/models/FileModel.php#L3146 (x_refsource_MISC)
https://github.com/error311/FileRise/releases/tag/v3.3.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-25230?: CVE-2026-25230 is a medium-severity vulnerability in Error311 Filerise, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2026-02-09.
How severe is CVE-2026-25230?: Medium severity. CVSS v3 base score is 4.6 out of 10.