Cross-Site Scripting Vulnerability in Progress MOVEit Transfer
CVE-2026-11903
8HIGH
What is CVE-2026-11903?
A cross-site scripting (XSS) vulnerability exists in Progress MOVEit Transfer's Ad Hoc module due to improper neutralization of user input during web page generation. This flaw could allow an attacker to inject malicious scripts into pages viewed by users, potentially leading to unauthorized access and data breaches. Affected versions include MOVEit Transfer 2026.0.0 prior to 2026.0.1, 2025.1.0 prior to 2025.1.4, and 2025.0.0 prior to 2025.0.8.
Affected Version(s)
MOVEit Transfer 2026.0.0 < 2026.0.1
MOVEit Transfer 2025.1.0 < 2025.1.4
MOVEit Transfer 2025.0.0 < 2025.0.8
