Stored Cross-Site Scripting Vulnerability in MOVEit Transfer by Progress Software
CVE-2020-28647
5.4MEDIUM
Key Information:
- Vendor
Progress
- Status
- Vendor
- CVE Published:
- 17 November 2020
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2020-28647?
In MOVEit Transfer versions prior to 2020.1, a security flaw exists that enables a malicious user to craft and store a payload within the application. If an unsuspecting user interacts with this stored payload, it can result in the execution of arbitrary code in the context of their browser, leading to potential compromise of user data and session hijacking.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.