MMAKINGDOM/CVE-2025-63420

Releases0

Stars2

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63420 ↗	Nov 7, 2025Friday, 7 November 2025, 22:15	4.1 MEDIUM	—
CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.