CVE-2025-63420

Medium CVSS: 4.1

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.

Vendor

Crushftp

Product

Crushftp

CWE

CWE-79

Yayın Tarihi

2025-11-07 22:15:39

Güncelleme

2026-02-05 16:24:04

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Crushftp MEDIUM Crushftp 2025

Referanslar

https://gist.github.com/MMAKINGDOM/791d264c27656f0a4aa3c0ae35075e70 https://github.com/MMAKINGDOM/CVE-2025-63420/

Benzer Kayıtlar

Medium

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share…

Critical

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and…

Medium

CVE-2025-32102

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=t…

Medium

CVE-2025-32103

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/…

Critical

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle…