admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-11922.md

18 lines
857 B
Markdown
Raw Normal View History

Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### [CVE-2024-11922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11922)
![](https://img.shields.io/static/v1?label=Product&message=GoAnywhere%20MFT&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207.7.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
### POC
#### Reference
- https://www.fortra.com/security/advisories/product-security/fi-2025-005
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink