vulnerability
Progress MOVEit Automation: CVE-2020-12677: Improper Neutralization of Input During Web Page Generation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | May 14, 2020 | Dec 13, 2024 | Feb 11, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
May 14, 2020
Added
Dec 13, 2024
Modified
Feb 11, 2026
Description
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2.
Solution
progress-moveit-automation-upgrade-latest
References
- CVE-2020-12677
- https://attackerkb.com/topics/CVE-2020-12677
- URL-https://community.progress.com/s/article/MOVEit-Automation-Cross-Site-Scripting-Vulnerability-XSS-May-2020
- URL-https://docs.ipswitch.com/MOVEit/Automation2018/ReleaseNotes/en/index.htm#33958.htm
- URL-https://docs.ipswitch.com/MOVEit/Automation2018SP1/ReleaseNotes/en/index.htm#33958.htm
- URL-https://docs.ipswitch.com/MOVEit/Automation2018SP2/ReleaseNotes/en/index.htm#33958.htm
- URL-https://docs.ipswitch.com/MOVEit/Automation2019/ReleaseNotes/en/index.htm#33958.htm
- URL-https://docs.ipswitch.com/MOVEit/Automation2019_1/ReleaseNotes/en/index.htm#33958.htm
- URL-https://docs.ipswitch.com/MOVEit/Automation2019_2/ReleaseNotes/en/index.htm#33958.htm
- CWE-79
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.