CVE-2025-63420

Published November 7th, 2025

View on NVD ↗

CVSS v3

4.1

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.

MMAKINGDOM/CVE-2025-63420

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.

GitHub