Crushftp · Crushftp · CVE-2025-63419
**Name of the Vulnerable Software and Affected Versions**
CrushFTP version 11.3.6 48
**Description**
A cross-site scripting (XSS) issue exists in CrushFTP. The web-based server’s file sharing feature reflects the filename into an email body field without proper sanitization, which can lead to HTML injection. The vulnerability is triggered when users share files.
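The class of bug described above, shown as an added example (not CrushFTP code and not from the advisory): a share notification that concatenates the filename into an HTML email body, beside a version that encodes it for each context it lands in. The function names, the base URL and the sample filename are hypothetical and constructed for illustration.

```python
import html
from email.message import EmailMessage
from urllib.parse import quote

# Constructed sample: a filename that carries HTML markup.
SAMPLE_FILENAME = 'report<a href="https://example.invalid/">click here</a>.pdf'


def unsafe_share_body(filename: str) -> str:
    """'Before' form: the filename is placed into the HTML body as-is."""
    return f"<p>A file was shared with you: {filename}</p>"


def safe_share_body(filename: str, base_url: str) -> str:
    """Encode the filename separately for the text node and the link target."""
    text = html.escape(filename, quote=True)  # HTML text context
    # URL path context first (percent-encode), then HTML attribute context.
    href = html.escape(base_url + quote(filename, safe=""), quote=True)
    return f'<p>A file was shared with you: <a href="{href}">{text}</a></p>'


def build_share_email(sender: str, recipient: str, filename: str, base_url: str) -> EmailMessage:
    """Hypothetical notification: plain-text part plus an escaped HTML part."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "A file was shared with you"
    msg.set_content(f"A file was shared with you: {filename}")
    msg.add_alternative(safe_share_body(filename, base_url), subtype="html")
    return msg


def html_part(msg: EmailMessage) -> str:
    """Return the decoded HTML alternative of the message."""
    return msg.get_body(preferencelist=("html",)).get_content()
```

In the safe version the recipient's mail client renders the filename as literal text, and the only link in the message is the one the template itself emits.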
**Recommendations**
Update to a newer version that contains a fix for this vulnerability.