Crushftp: Security Vulnerabilities
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page.
CVSS Score
4.8
EPSS Score
0.006
Published
2022-09-15
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-26
CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-08-30
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-30
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-30
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-08-30
Page 2