Posted by Rehan Ahmed on Feb 18

========================================================
I. Overview
========================================================
Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in
Crushftp 7.2.0 (Web Interface) on default configuration. These vulnerabilities allows
an attacker to gain control over valid user accounts, perform operations
on their behalf, redirect them to malicious sites, steal their…