{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:41:24.484","vulnerabilities":[{"cve":{"id":"CVE-2025-68116","sourceIdentifier":"security-advisories@github.com","published":"2025-12-16T17:16:11.100","lastModified":"2026-01-02T16:48:47.757","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FileRise is a self-hosted web file manager \/ WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`\/api\/file\/share.php`) and direct file access \/ download path (`\/api\/file\/download.php`), depending on browser\/content-type behavior. Version 2.7.1 fixes the issue."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:L","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.1","matchCriteriaId":"78983652-3799-4864-B25C-D60B2566071E"}]}]}],"references":[{"url":"https:\/\/github.com\/error311\/FileRise\/security\/advisories\/GHSA-35pp-ggh6-c59c","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}}]}