CVE-2020-8612: XSS
First published: Fri Feb 14 2020(Updated: )
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progess Moveit Transfer | >=2019.1<2019.1.4 | |
| Progress MOVEit Transfer | >=2019.2<2019.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8612?
CVE-2020-8612 is a vulnerability in MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 that allows an authenticated attacker to execute arbitrary code in a victim's browser through a REST API endpoint.
How severe is CVE-2020-8612?
CVE-2020-8612 has a severity rating of critical with a value of 9.
What software versions are affected by CVE-2020-8612?
MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 are affected by CVE-2020-8612.
How can an attacker exploit CVE-2020-8612?
An attacker can exploit CVE-2020-8612 by injecting malicious input through a REST API endpoint and executing arbitrary code in a victim's browser.
Are there any resources for more information about CVE-2020-8612?
Yes, you can find more information about CVE-2020-8612 in the following references: [reference1] [reference2] [reference3].
- collector/nvd-index
- agent/weakness
- vendor/progess
- canonical/progess moveit transfer
- version/progess moveit transfer/2019.1
- vendor/progress
- canonical/progress moveit transfer
- version/progress moveit transfer/2019.2