Описание
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2020.1 (исключая)
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.001
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).
EPSS
Процентиль: 28%
0.001
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79