vulnerability

Progress MOVEit Transfer: CVE-2023-42656: Improper Neutralization of Input During Web Page Generation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Sep 20, 2023	Dec 13, 2024	Feb 11, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Sep 20, 2023

Added

Dec 13, 2024

Modified

Feb 11, 2026

Description

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

Solution

progress-moveit-transfer-upgrade-latest

References

CVE-2023-42656
https://attackerkb.com/topics/CVE-2023-42656
URL-https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
URL-https://www.progress.com/moveit
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today