The host is installed with MOVEit Transfer 2022.0.x before 2022.0.9 (14.0.9), 2022.1.x before 2022.1.10 (14.1.10), 2023.0.0 before 2023.0.7 (15.0.7) and is prone to a reflected cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle MOVEit Gateway is used in conjunction with MOVEit Transfer. Successful exploitation could allow attackers to execute malicious JavaScript within the context of the victims browser.