← Volver a CVEs
CVE-2023-42656
MEDIUM6.1
Descripcion
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
Detalles CVE
Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado9/20/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
progress:moveit_transfer
Debilidades (CWE)
CWE-79CWE-79
Referencias
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023(security@progress.com)
https://www.progress.com/moveit(security@progress.com)
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023(af854a3a-2127-422b-91ae-364da2661108)
https://www.progress.com/moveit(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.