MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-6217

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) 2022.1.10 (14.1.10) 2023.0.7 (15.0.7)a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload the attacker would be able to execute malicious JavaScript within the context of the victims browser.