Vulnerability Details CVE-2020-28647
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.7%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-Nov-2020
- https://labs.secforce.com/posts/progress-moveit-transfer-2020.1-stored-xss-cve-2020-28647/
- https://www.progress.com/
- https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-Nov-2020
- https://labs.secforce.com/posts/progress-moveit-transfer-2020.1-stored-xss-cve-2020-28647/
- https://www.progress.com/
Products affected by CVE-2020-28647
-
cpe:2.3:a:progress:moveit_transfer:-
-
cpe:2.3:a:progress:moveit_transfer:2019.0.6
-
cpe:2.3:a:progress:moveit_transfer:2019.0.7
-
cpe:2.3:a:progress:moveit_transfer:2019.1
-
cpe:2.3:a:progress:moveit_transfer:2019.1.3
-
cpe:2.3:a:progress:moveit_transfer:2019.1.4
-
cpe:2.3:a:progress:moveit_transfer:2019.1.5
-
cpe:2.3:a:progress:moveit_transfer:2019.1.6
-
cpe:2.3:a:progress:moveit_transfer:2019.2
-
cpe:2.3:a:progress:moveit_transfer:2019.2.1
-
cpe:2.3:a:progress:moveit_transfer:2019.2.2
-
cpe:2.3:a:progress:moveit_transfer:2019.2.3
-
cpe:2.3:a:progress:moveit_transfer:2020.0
-
cpe:2.3:a:progress:moveit_transfer:2020.0.5
-
cpe:2.3:a:progress:moveit_transfer:2020.0.6