FileRise Stored Cross-Site Scripting Vulnerability via SVG Upload

A stored cross-site scripting vulnerability has been identified in FileRise versions prior to 2.2.3. This issue arises from the application's improper handling of uploaded SVG files. FileRise allows user-supplied SVG uploads without sanitizing or restricting embedded script content. Consequently, when a malicious SVG containing inline JavaScript or event-based payloads is uploaded, it is rendered directly in the browser within the application. Since SVGs are XML-based and can include scripts, they execute in the context of the application, leading to full stored cross-site scripting exploitation.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the victim's browser. This could result in session hijacking, data exfiltration, or UI redressing within the FileRise interface.

Remediation

Users are advised to update FileRise to version 2.2.3 or later. This update modifies how SVG uploads are managed to prevent the execution of inline scripts. As a temporary measure, .svg uploads can be blocked or served strictly as downloadable files.