{"vulnerability": "CVE-2026-11903", "sightings": [{"uuid": "54dd3705-a354-4ac1-9196-c1015f6aa5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11903", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq5nvsx5n62g", "content": "CVE-2026-11903 - Stored XSS in MOVEit Transfer Ad Hoc module\nCVE ID : CVE-2026-11903\n \n Published : July 8, 2026, 3:16 p.m. | 1\u00a0hour, 58\u00a0minutes ago\n \n Description : Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress ...", "creation_timestamp": "2026-07-08T17:37:53.229147Z"}, {"uuid": "f698e240-2346-4e27-8d91-ef819a7e1af3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-11903", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-678", "content": "", "creation_timestamp": "2026-07-08T20:15:14.552622Z"}, {"uuid": "75e92401-28b1-4a60-9a52-817fc9d7ee44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11903", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mq7jtsygg62k", "content": "Progress patched three MOVEit Transfer flaws, including a stored XSS bug (CVE-2026-11903). No exploitation is confirmed. Update now.\n\n#MOVEit #MOVEitTransfer #StoredXSS #XSS #CVE #ProgressSoftware #PatchNow #InfoSec", "creation_timestamp": "2026-07-09T11:30:31.606894Z"}]}