Muntadhar M. Ahmed

7 exploits, active since Nov 2025
CVE-2025-63420 NOMISEC MEDIUM WRITEUP
CrushFTP 11.0.1-11.3.7_57 - Stored Cross-Site Scripting in Admin Panel Reports
CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.
2 stars
CVSS 4.1
CVE-2025-63419 NOMISEC MEDIUM WRITEUP
CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body
Cross-Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The web-based server has a feature that lets users share files; the feature reflects the filename into an emailbody field with no sanitization, leading to HTML injection.
2 stars
CVSS 6.1
CVE-2025-65881 NOMISEC MEDIUM WORKING POC
Sourcecodester Zoo Management System v1.0 - XSS
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.
CVSS 6.1
CVE-2025-57310 NOMISEC HIGH WORKING POC
simple_faucet_script v1.07 - Cross-Site Request Forgery via Admin Ads Endpoint
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via a crafted POST request to admin.php?p=ads&c=1, allowing attackers to execute arbitrary code.
CVSS 8.8
CVE-2025-63419 WRITEUP MEDIUM WRITEUP
CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body
Cross-Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The web-based server has a feature that lets users share files; the feature reflects the filename into an emailbody field with no sanitization, leading to HTML injection.
CVSS 6.1
CVE-2025-63420 WRITEUP MEDIUM WRITEUP
CrushFTP 11.0.1-11.3.7_57 - Stored Cross-Site Scripting in Admin Panel Reports
CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.
CVSS 4.1
CVE-2025-65881 WRITEUP MEDIUM WORKING POC
Sourcecodester Zoo Management System v1.0 - XSS
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.
CVSS 6.1