Security Advisory
CVE-2025-63419
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.