Description
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2022-38053 Vulnerability (CVE-2022-38053)
Lighttpd Resource Management Errors Vulnerability (CVE-2008-4298)
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)
Oracle JRE Execution with Unnecessary Privileges Vulnerability (CVE-2026-22008)