PT-2025-18116 · Fortra · Goanywhere

Published: 2025-04-28 · Updated: 2025-05-10 · CVE-2024-11922

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Fortra's GoAnywhere versions prior to 7.8.0

Description

The issue is related to missing input validation in certain features of the Web Client, allowing an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email. This could lead to a cross-site scripting attack by a malicious user.

Recommendations

For versions prior to 7.8.0, update to version 7.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to email triggering features in the Web Client to minimize the risk of exploitation. Avoid using the Web Client's email features until the issue is resolved by updating to a fixed version.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-11922

Affected Products

Goanywhere