CVE-2024-11922

Medium CVSS: 6.3

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.

Vendor

Fortra

Product

Goanywhere Managed File Transfer

CWE

CWE-79

Yayın Tarihi

2025-04-28 21:15:56

Güncelleme

2025-05-10 00:55:57

Source Identifier

df4dee71-de3a-4139-9588-11b62fe6c0ff

KEV Date Added

Kategoriler

CWE-79 Goanywhere Managed File Transfer MEDIUM Fortra 2025

Referanslar

https://www.fortra.com/security/advisories/product-security/fi-2025-005

Benzer Kayıtlar

Medium

CVE-2025-8148

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with a…

Critical

CVE-2025-10035

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged…

Low

CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error…