Downloading a file sotred in the FRS form the webdav browser plugin can lead to XSS.
An attacker could use this vulnerability to force a victim to execute uncontrolled code.
CVSSv3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Add a file in the FRS named xss.html with the following content: <html><body><script>alert(1)</script></body></html> and then download it from the webdav browser plugin.
OWASP Cross-site Scripting