Cross-Site Scripting Vulnerability in Progress MOVEit Automation
CVE-2020-12677
6.1MEDIUM
Summary
A vulnerability in Progress MOVEit Automation Web Admin allows unauthenticated attackers to exploit insufficient input sanitization, potentially leading to arbitrary code execution in users' browsers. Specifically, this weakness affects various versions of the product, including multiple releases from 2018 to 2019. Successful exploitation may grant malicious actors the ability to run harmful scripts, posing significant security risks for affected users.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved