VYPR
Unrated severityNVD Advisory· Published Sep 20, 2023· Updated Sep 24, 2024

MOVEit Transfer Reflected XSS

CVE-2023-42656

Description

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface.  An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure.  If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: < 2021.1.8 (13.1.8), < 2022.0.8 (14.0.8), < 2022.1.9 (14.1.9), < 2023.0.6 (15.0.6)
  • Progress Software Corporation/MOVEit Transferv5
    Range: 2023.0.0 (15.0.0)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.