CVE-2020-8612Cross-site Scripting in Moveit Transfer

CWE-79Cross-site Scripting3 documents3 sources
Severity
9.0CRITICALNVD
EPSS
0.0%
top 92.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Progess Moveit TransferProgress Moveit Transfer
Timeline
PublishedFeb 14
Latest updateMay 24

Description

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

NVDprogress/moveit_transfer2019.22019.2.1
NVDprogess/moveit_transfer2019.12019.1.4

Patches

Patch: community.ipswitch.comPatch: community.ipswitch.com

🔴Vulnerability Details

2
GHSA
GHSA-7q5w-gw6h-9g37: In Progress MOVEit Transfer 20192022-05-24
CVEList
CVE-2020-8612: In Progress MOVEit Transfer 20192020-02-14
CVE-2020-8612 — Cross-site Scripting in Moveit Transfer | cvebase