CVE-2021-44076
CrushFTP 9 is affected. The vulnerability arises when creating a new user via the "/WebInterface/UserManager/" interface, where an attacker with access to the administration panel can trigger Stored XSS. The payload may execute in scenarios such as when the user’s page appears in the Most Visited...