CVE-2024-11922 Information

Description

Missing input validation in certain features of the Web Client of Fortra’s GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.

Reference

https://www.fortra.com/security/advisories/product-security/fi-2025-005