- Description
- Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
- Source
- df4dee71-de3a-4139-9588-11b62fe6c0ff
- NVD status
- Analyzed
- Products
- goanywhere_managed_file_transfer
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2024-11922 04/28/2025 09:15:56 PM BaseSeverity: MEDIUM Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to... https://t.co/WA5auviLs7
@CVETracker
29 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11922 Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to i… https://t.co/U40qjtk1vE
@CVEnew
28 Apr 2025
512 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3F5A76-B606-456D-9B85-9C63D5953A41",
"versionEndExcluding": "7.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]