ProgressSoftwareCVELIST:CVE-2023-42656CVE-2023-42656 MOVEit Transfer Reflected XSS
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.0%
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer’s web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"MOVEit Transfer Web Interface"
],
"product": "MOVEit Transfer",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.0.6 (15.0.6)",
"status": "affected",
"version": "2023.0.0 (15.0.0)",
"versionType": "semver"
},
{
"lessThan": "2022.1.9 (14.1.9)",
"status": "affected",
"version": "2022.1.0 (14.1.0)",
"versionType": "semver"
},
{
"lessThan": "2022.0.8 (14.0.8)",
"status": "affected",
"version": "2022.0.0 (14.0.0)",
"versionType": "semver"
},
{
"lessThan": "2021.1.8 (13.1.8)",
"status": "affected",
"version": "2021.1.0 (13.1.0)",
"versionType": "semver"
}
]
}
]Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.0%