Vulnerabilities

CVE-2025-63419

by Fred · 12/11/2025

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.

More information : https://gist.github.com/MMAKINGDOM/39ded58b1e6d2d19366e76e0d5b1c851

Similar

Tags: Cybersecurity Alert