Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an malicious user to execute arbitrary code via a crafted payload.