@cgnl
Created May 3, 2024 15:14
CVE-2024-22910: Authenticated XSS in CrushFTP < 10.6.0
[Description]
Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and
v.10.5.5 allows an attacker to execute arbitrary code via a crafted
payload.
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
CrushFTP
------------------------------------------
[Affected Product Code Base]
CrushFTP - 10.6.0
CrushFTP - 10.5.5
And possibly all versions of CrushFTP below 10.6.0.
------------------------------------------
[Affected Component]
The main page of CrushFTP after authentication
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, an authenticated victim has to open a crafted URL and hover over the refresh image on the page.
An example URL is https://[crushftp]/#all/%20'%20onmouseover=alert(1)%20/
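The following is an added example, not CrushFTP's code and not part of the original advisory: it shows why the fragment in the example URL yields an event-handler attribute and how attribute-context escaping prevents it. It assumes the fragment's path is concatenated into a single-quoted attribute of the refresh image; the markup, the `title` attribute and all function names are hypothetical.

```javascript
// Added illustration, not CrushFTP source. Markup and function names are
// hypothetical: they model a fragment value placed in a single-quoted attribute.

// Constructed input: the fragment of the advisory's example URL.
const SAMPLE_HASH = "#all/%20'%20onmouseover=alert(1)%20/";

// Strip the "#all" prefix and percent-decode, as a client-side router would.
function pathFromHash(hash) {
  try {
    return decodeURIComponent(hash.replace(/^#all/, ""));
  } catch (e) {
    return "/"; // malformed percent-encoding: fall back to the root path
  }
}

// Weak pattern: decoded value concatenated straight into the attribute.
function refreshImgUnsafe(path) {
  return "<img class='refresh' title='Refresh " + path + "'>";
}

// Escape every character that can end or reshape an attribute value.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;",
                '"': "&quot;", "'": "&#39;", "`": "&#96;" };
  return String(value).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Corrected pattern: same markup, value escaped for the attribute context.
function refreshImgSafe(path) {
  return "<img class='refresh' title='Refresh " + escapeAttr(path) + "'>";
}

// Simplified start-tag tokenizer: returns the named attributes in one tag
// (stray quote or slash characters are skipped).
function attrNames(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s=\/'"]+)(?:\s*=\s*(?:'[^']*'|"[^"]*"|[^\s'">]+))?/g;
  return Array.from(inner.matchAll(re), (m) => m[1].toLowerCase());
}

const p = pathFromHash(SAMPLE_HASH);
console.log(attrNames(refreshImgUnsafe(p))); // weak: handler attribute appears
console.log(attrNames(refreshImgSafe(p)));   // corrected: class and title only
```

The URL fragment is not sent to the server in the HTTP request, so server-side filtering and access logs will not see this input; the encoding has to happen where the page builds the markup.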
------------------------------------------
[Discoverer]
codeguardian.nl
------------------------------------------
[Reference]
http://crushftp.com