CrushFTP Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-63420 - Vulnerability Database
Medium
Reference:
CVE-2025-63420
Title:
CrushFTP Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.