Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-42656 - Vulnerability Database
MOVEit Transfer

MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-42656

Medium
Reference: CVE-2023-42656
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-42656
Title: MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) 2022.0.8 (14.0.8) 2022.1.9 (14.1.9) 2023.0.6 (15.0.6) a reflected cross-site scripting(XSS) vulnerability has been identified in MOVEit Transfer39s web interface. An attacker could craft a malicious payload targetingMOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload the attacker would be able to execute malicious JavaScript within the context of the victims browser.