Input Validation Flaw in Fortra's GoAnywhere Web Client
CVE-2024-11922
5.4 MEDIUM
What is CVE-2024-11922?
The Fortra GoAnywhere Web Client before version 7.8.0 is missing input validation, which allows an attacker with email permissions to inject arbitrary HTML or JavaScript into emails. The flaw can be exploited for phishing attacks and unauthorized content delivery, compromising the integrity and confidentiality of communication.
Affected Version(s)
GoAnywhere MFT Windows 0 <= 7.7.1
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved