CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-12677
https://notcve.org/view.php?id=CVE-2020-12677
14 May 2020 — An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. Se detectó un problema en Progress M... • https://community.progress.com/s/article/MOVEit-Automation-Cross-Site-Scripting-Vulnerability-XSS-May-2020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •