MMAKINGDOM

CVE-2025-63419 NOMISEC MEDIUM WRITEUP

CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.

2 stars

CVSS 6.1

View Code

CVE-2025-63420 NOMISEC MEDIUM WRITEUP

CrushFTP 11.0.1-11.3.7_57 - Stored Cross-Site Scripting in Admin Panel Reports

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.

2 stars

CVSS 4.1

View Code

CVE-2025-65881 NOMISEC MEDIUM WORKING POC

Sourcecodester Zoo Management System v1.0 - XSS

Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.

CVSS 6.1

View Code

CVE-2025-57310 NOMISEC HIGH WORKING POC

simple_faucet_script v1.07 - Cross-Site Request Forgery via Admin Ads Endpoint

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.

CVSS 8.8

View Code