VYPR
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Nov 12, 2025

CVE-2025-63419

CVE-2025-63419

Description

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Crushftp/Crushftpcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 11.3.6_48

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.