CVE-2024-11986 Information

Description

Improper input handling in the ‘Host Header’ allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application’s standard functionality it enables the execution of the payload resulting in Stored XSS or ‘Cross-Site Scripting’.

Reference

https://crushftp.com/crush11wiki/Wiki.jsp?page=Update