Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18288 | 1 Crushftp | 1 Crushftp | 2022-12-22 | 5.8 MEDIUM | 6.1 MEDIUM |
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. | |||||
CVE-2021-44076 | 1 Crushftp | 1 Crushftp | 2022-09-16 | N/A | 4.8 MEDIUM |
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page. | |||||
CVE-2017-14037 | 1 Crushftp | 1 Crushftp | 2017-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. | |||||
CVE-2017-14035 | 1 Crushftp | 1 Crushftp | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
CrushFTP 8.x before 8.2.0 has a serialization vulnerability. | |||||
CVE-2017-14036 | 1 Crushftp | 1 Crushftp | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. | |||||
CVE-2017-14038 | 1 Crushftp | 1 Crushftp | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. |