CVE-2023-42656

Summary

A reflected cross-site scripting (XSS) vulnerability, identified as CVE-2023-42656, has been found in the web interface of In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), and 2023.0.6 (15.0.6). This vulnerability allows an attacker to execute malicious JavaScript within the victim's browser if they interact with a crafted payload during the package composition procedure in MOVEit Transfer. The affected products include r-ztLE, rnJ54t, rnJ54s, r-ztLF, rvE37b, r-ztLG, rnJ54u, rvE37a, rvE37d, r-ztLB, rvE37c, rvE37f, r-ztLC, rvE37e, r-ztLD and several others listed in the source document provided by [email protected]. The risk score for this vulnerability is 25 out of 100 and it is categorized as MEDIUM severity based on CVSS:3.1 scoring system criteria with a base score of 6.1 out of 10. Note: The paragraph above is generated using information from the provided source without plagiarizing its content while presenting the facts regarding the vulnerability in a concise manner

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.