The host is installed with MOVEit Transfer before 2020.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow a malicious user to craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).