CNNVD-202511-1402 Information

CNNVD ID

CNNVD-202511-1402

Related CVE

CVE-2025-63419

• CNNVD Published: 2025-11-12

Description (Chinese)

CrushFTP是CrushFTP公司的一款文件传输服务器。 CrushFTP 11.3.6_48版本存在安全漏洞，该漏洞源于Web服务器文件共享功能未清理文件名，可能导致跨站脚本攻击。

Description (English)

CrushFTP is a file transfer server for CrushFTP. CrushFTP 11.3.6 48 contains a security loophole that originates from the uncleaned file name of the Web server file sharing function, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CrushFTP

Published

2025-11-12

Last Modified

2026-02-24

References

https://gist.github.com/MMAKINGDOM/39ded58b1e6d2d19366e76e0d5b1c851 https://github.com/MMAKINGDOM/CVE-2025-63419/