vulnerability

Fortra GoAnywhere MFT: CVE-2024-11922: Improper Neutralization of Input During Web Page Generation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Apr 28, 2025	Sep 2, 2025	Sep 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Apr 28, 2025

Added

Sep 2, 2025

Modified

Sep 2, 2025

Description

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.

Solution

fortra-goanywhere-mft-upgrade-latest

References

CWE-79
CVE-2024-11922
https://attackerkb.com/topics/CVE-2024-11922
URL-https://www.fortra.com/security/advisories/product-security/fi-2025-005

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today