PT-2023-28486 · Ipswitch · Moveit Transfer

Published: 2023-09-20 · Updated: 2023-09-22 · CVE-2023-42656

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MOVEit Transfer versions prior to 2021.1.8 (13.1.8)

MOVEit Transfer versions prior to 2022.0.8 (14.0.8)

MOVEit Transfer versions prior to 2022.1.9 (14.1.9)

MOVEit Transfer versions prior to 2023.0.6 (15.0.6)

Description

A reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser.

Recommendations

For versions prior to 2021.1.8 (13.1.8), update to version 2021.1.8 or later.

For versions prior to 2022.0.8 (14.0.8), update to version 2022.0.8 or later.

For versions prior to 2022.1.9 (14.1.9), update to version 2022.1.9 or later.

For versions prior to 2023.0.6 (15.0.6), update to version 2023.0.6 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-42656

Affected Products

Moveit Transfer