Home

Description

A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-08 | Updated 2025-08-08 | Assigner mitre

References

www.ehcp.net/?p=402

packetstorm.news/files/id/207908

cve.org (CVE-2025-50927)

nvd.nist.gov (CVE-2025-50927)

Download JSON