Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.

Published

2025-04-28T21:15:56.560

Last Modified

2025-05-10T00:55:57.800

Status

Analyzed

Source

df4dee71-de3a-4139-9588-11b62fe6c0ff

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortra	goanywhere_managed_file_transfer	< 7.8.0	Yes

References

https://www.fortra.com/security/advisories/product-security/fi-2025-005 Vendor Advisory (df4dee71-de3a-4139-9588-11b62fe6c0ff)