CyberSec.Space Logo
Back to CVE Browser

CVE-2015-7676

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile36.41th
PublishedApr 15, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.

Affected Platforms (CPE)

πŸ“¦
Ipswitch

Moveit Dmz

<= 8.1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/135458/Ipswitch-MOVEit-DMZ-8.1-Persistent-Cross-Site-Scripting.html
πŸ”— http://seclists.org/fulldisclosure/2016/Jan/95
πŸ”— http://www.securityfocus.com/bid/90574
πŸ”— https://profundis-labs.com/advisories/CVE-2015-7676.txt
πŸ”— http://packetstormsecurity.com/files/135458/Ipswitch-MOVEit-DMZ-8.1-Persistent-Cross-Site-Scripting.html
πŸ”— http://seclists.org/fulldisclosure/2016/Jan/95
πŸ”— http://www.securityfocus.com/bid/90574
πŸ”— https://profundis-labs.com/advisories/CVE-2015-7676.txt

Related Vulnerabilities

CVE-2017-61959.8

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017...

CVE-2015-76756.5

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users...

CVE-2015-76805.3

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account...

CVE-2015-76774.3

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, ...