FileRise HTML Injection Vulnerability Allowing DOM Modification and Potential XSS

Vulnerability

An HTML injection vulnerability has been identified in FileRise, a self-hosted web file manager and WebDAV server, in versions prior to 3.3.0. It allows authenticated users to alter the Document Object Model (DOM) by injecting elements such as forms or links that can redirect users upon interaction. The issue arises because the color attribute of tags is not properly validated, which enables the injection of HTML. While this vulnerability could potentially be exploited for cross-site scripting (XSS), such exploitation has not been confirmed.

Impact

Exploitation of this vulnerability could lead to unauthorized DOM manipulation, allowing for the injection of HTML elements that could disrupt the user experience or facilitate phishing attacks. Additionally, there is a possibility of cross-site scripting (XSS) exploitation, although this has not been verified.

Reproduction

To reproduce this vulnerability, log in as an authenticated user and create a file or select an existing one. Then send a crafted request to the '/api/file/saveFileTag.php' endpoint, including a tag with a malicious color attribute that contains HTML elements. After the tag is saved, visit the location of the file in FileRise to observe the injected HTML being rendered in the page.

Remediation

Users can update to FileRise version 3.3.0 or later, where this vulnerability has been patched.
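
The kind of check whose absence is described under Vulnerability, shown as an added example (not FileRise's code or its actual patch): an allowlist for the tag color applied when tags are saved, and again when they are rendered so that values stored before the check existed cannot reach the DOM. The tag shape {name, color}, the function names and the 64-character name limit are assumptions made for illustration.

```javascript
// Added example: allowlist validation of a tag color plus output escaping.
// The tag shape {name, color} and every name below are assumptions,
// not taken from the FileRise code base.

// Accept only #rgb, #rrggbb or #rrggbbaa; nothing else can carry markup.
const HEX_COLOR = /^#(?:[0-9a-f]{3}|[0-9a-f]{6}|[0-9a-f]{8})$/i;
const DEFAULT_COLOR = '#777777';

function isSafeColor(value) {
  return typeof value === 'string' && HEX_COLOR.test(value);
}

// Save-time check: reject the request outright instead of trying to
// "clean" a value that does not look like a color.
function validateTags(tags) {
  if (!Array.isArray(tags)) throw new TypeError('tags must be an array');
  return tags.map((tag, i) => {
    const name = tag?.name;
    if (typeof name !== 'string' || name.length === 0 || name.length > 64) {
      throw new RangeError(`tag ${i}: invalid name`);
    }
    if (!isSafeColor(tag.color)) {
      throw new RangeError(`tag ${i}: invalid color`);
    }
    return { name, color: tag.color.toLowerCase() };
  });
}

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Render-time check: stored data may predate validation, so the color is
// re-checked and replaced with a default rather than written into markup.
function renderTagBadge(tag) {
  const color = isSafeColor(tag.color) ? tag.color : DEFAULT_COLOR;
  return `<span class="tag" style="background-color:${color}">${escapeHtml(tag.name)}</span>`;
}

// Constructed sample input (not captured from a real instance).
const SAMPLE_GOOD = [{ name: 'invoices', color: '#3A7BD5' }];
const SAMPLE_BAD = [{ name: 'invoices', color: 'red"><a href="https://example.invalid/">open</a>' }];
```
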

Added: Feb 9, 2026, 8:30 PM
Updated: Feb 9, 2026, 10:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.3
remediation: 0.0
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.