Vulnerability Details CVE-2024-11922
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.0%
CVSS Severity
CVSS v3 Score 6.3
Products affected by CVE-2024-11922
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:-
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.2
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.0.3
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.2
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.1.3
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.2.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.2.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.3.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.3.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.4.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.4.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.4.2
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.5.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.5.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.5.2
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.5.3
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.6.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.6.1
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.6.2
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.6.3
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.7.0
-
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:7.7.1