Stored Cross-Site Scripting (XSS) Vulnerability in MOVEit Transfer before 2020.1

Stored Cross-Site Scripting (XSS) Vulnerability in MOVEit Transfer before 2020.1

CVE-2020-28647 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).

Learn more about our User Device Pen Test.