← voltar
CVE-2024-11922

Input Validation vulnerability in Web Client emails that do not go through Secure Mail

CVSS 6.3 MEDIUMEPSS 0.2%CWE-79
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
Fortra · GoAnywhere MFT

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.fortra.com/security/advisories/product-security/fi-2025-005