CNNVD-202512-038 Information

CNNVD ID

CNNVD-202512-038

Related CVE

CVE-2025-66403

• CNNVD Published: 2025-12-01

Description (Chinese)

FileRise是Ryan个人开发者的一个轻量级、自托管的基于web的文件管理器。 FileRise 2.2.3之前版本存在跨站脚本漏洞，该漏洞源于SVG文件处理不当，可能导致存储型跨站脚本。

Description (English)

FileRise is a lightweight, self-hosted web-based file manager for Ryan ’ s personal developers. The previous version of FileRise 2.2.3 had a cross-site script loophole, which stemmed from the inappropriate handling of SVG files and could lead to storage-type cross-site scripts.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-12-01

Last Modified

2026-02-24

References

https://github.com/error311/FileRise/commit/f2ce43f18f0444f8f63f7c33758d1837dd5ba91e https://github.com/error311/FileRise/security/advisories/GHSA-qrcv-vjvf-fr29 https://access.redhat.com/security/cve/cve-2025-66403

Patch

https://github.com/error311/FileRise/releases