CVSS 3.1 Score 6.1 of 10 (medium)


Published Sep 20, 2023
Updated: Sep 22, 2023


A reflected cross-site scripting (XSS) vulnerability, identified as CVE-2023-42656, has been found in the web interface of In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), and 2023.0.6 (15.0.6). This vulnerability allows an attacker to execute malicious JavaScript within the victim's browser if they interact with a crafted payload during the package composition procedure in MOVEit Transfer. The affected products include r-ztLE, rnJ54t, rnJ54s, r-ztLF, rvE37b, r-ztLG, rnJ54u, rvE37a, rvE37d, r-ztLB, rvE37c, rvE37f, r-ztLC, rvE37e, r-ztLD and several others listed in the source document provided by [email protected]. The risk score for this vulnerability is 25 out of 100 and it is categorized as MEDIUM severity based on CVSS:3.1 scoring system criteria with a base score of 6.1 out of 10. Note: The paragraph above is generated using information from the provided source without plagiarizing its content while presenting the facts regarding the vulnerability in a concise manner


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42656 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options