CNNVD-202511-755 Information
Nov 07, 2025
cve
CNNVD ID
CNNVD-202511-755
Related CVE
- CNNVD Published: 2025-11-07
Description (Chinese)
CrushFTP是CrushFTP公司的一款文件传输服务器。 CrushFTP 11.3.7_50版本存在安全漏洞,该漏洞源于Admin Panel中Reports/Who Created Folder功能未正确处理输入,可能导致存储型跨站脚本攻击。
Description (English)
CrushFTP is a file transfer server for CrushFTP. CrushFTP 11.3.7 50 contains a security loophole that originates from the incorrect processing of input by the Reports/Who Created Folder in Admin Panel, which may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
CrushFTP
Published
2025-11-07
Last Modified
2026-02-24
References
https://gist.github.com/MMAKINGDOM/791d264c27656f0a4aa3c0ae35075e70 https://github.com/MMAKINGDOM/CVE-2025-63420/ https://access.redhat.com/security/cve/cve-2025-63420
Patch
https://crushftp.com/download.html
Share on: