CVE-2025-63419 | THREATINT

Description

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-12 | Updated 2025-11-12 | Assigner mitre

References

gist.github.com/MMAKINGDOM/39ded58b1e6d2d19366e76e0d5b1c851

github.com/MMAKINGDOM/CVE-2025-63419/

cve.org (CVE-2025-63419)

nvd.nist.gov (CVE-2025-63419)

Download JSON