Home
HIGH: 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HDefault status
unaffected
2026.0.0 (semver) before 2026.0.1
affected
2025.1.0 (semver) before 2025.1.4
affected
2025.0.0 (semver) before 2025.0.8
affected
Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8.
Problem types
CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')
Product status
2026.0.0 (semver) before 2026.0.1
2025.1.0 (semver) before 2025.1.4
2025.0.0 (semver) before 2025.0.8
References
community.progress.com/...itical-Security-Bulletin-June-2026