CVE-2015-7676

Name of the Vulnerable Software and Affected Versions Ipswitch MOVEit File Transfer (formerly DMZ) versions 8.1 and earlier

Description The issue allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files when the software is configured to support file view on download.

Recommendations For Ipswitch MOVEit File Transfer (formerly DMZ) versions 8.1 and earlier, consider disabling the file view on download feature as a temporary workaround until a patch is available. Restrict access to uploading HTML files to minimize the risk of exploitation.