CVE-2025-63419

Medium CVSS: 6.1

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.

Vendor

Crushftp

Product

Crushftp

CWE

CWE-79

Yayın Tarihi

2025-11-12 17:15:38

Güncelleme

2025-12-31 16:34:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Crushftp MEDIUM Crushftp 2025

Referanslar

https://gist.github.com/MMAKINGDOM/39ded58b1e6d2d19366e76e0d5b1c851 https://github.com/MMAKINGDOM/CVE-2025-63419/

Benzer Kayıtlar

Medium

CVE-2025-63420

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created F…

Critical

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and…

Medium

CVE-2025-32102

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=t…

Medium

CVE-2025-32103

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/…

Critical

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle…