Cross site scripting vulnerability in MOVEit Transfer - CVE-2020-28647ID: oval:org.secpod.oval:def:96166 | Date: (C)2023-12-27 (M)2023-12-27 |
Class: VULNERABILITY | Family: windows |
The host is installed with MOVEit Transfer before 2020.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow a malicious user to craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).
Platform: |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |