PT-2025-46678 · Crushftp · Crushftp

Almuntadhar0X01 +1 · Published 2025-11-12 · Updated 2025-12-31 · CVE-2025-63419

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: CrushFTP version 11.3.6 48

Description: A Cross Site Scripting (XSS) issue exists in CrushFTP. The web-based server's file sharing feature reflects the filename to an email body field without proper sanitization, leading to potential HTML injection. The vulnerability occurs when users share files.

Recommendations: Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-63419

Affected Products: Crushftp