Reflected cross-site scripting vulnerability in MOVEit Transfer - CVE-2023-6217ID: oval:org.secpod.oval:def:96104 | Date: (C)2023-12-26 (M)2023-12-26 |
Class: VULNERABILITY | Family: windows |
The host is installed with MOVEit Transfer 2022.0.x before 2022.0.9 (14.0.9), 2022.1.x before 2022.1.10 (14.1.10), 2023.0.0 before 2023.0.7 (15.0.7) and is prone to a reflected cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle MOVEit Gateway is used in conjunction with MOVEit Transfer. Successful exploitation could allow attackers to execute malicious JavaScript within the context of the victims browser.
Platform: |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |