CVE-2026-11903

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
08/07/2026
Last modified:
08/07/2026

Description

Improper neutralization of input during web page generation (&amp;#39;cross-site scripting&amp;#39;) vulnerability in Progress MOVEit Transfer (Ad Hoc module).<br /> <br /> This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8.