Description
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- low
- Availability
- low
- Weaknesses
- CWE-79CWE-79
Metadata
- Primary Vendor
- FORTRA
- Published
- 4/28/2025
- Last Modified
- 5/10/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
fortra : goanywhere_managed_file_transfer
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.