MMAKINGDOM

4 exploits Active since Nov 2025
CVE-2025-63419 NOMISEC MEDIUM WRITEUP
CrushFTP 11.3.6_48 - XSS
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.
2 stars
CVSS 6.1
CVE-2025-63420 NOMISEC MEDIUM WRITEUP
CrushFTP11 <11.3.7_57 - XSS
CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.
2 stars
CVSS 4.1
CVE-2025-65881 NOMISEC MEDIUM WORKING POC
Sourcecodester Zoo Management System v1.0 - XSS
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.
CVSS 6.1
CVE-2025-57310 NOMISEC HIGH WORKING POC
Salmen Simple Faucet Script - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.
CVSS 8.8