Primary

Context

Fortra GoAnywhere Web Client Input Validation Vulnerability Allowing Cross-Site Scripting in Emails

Vulnerability

Patched

A cross-site scripting vulnerability has been identified in Fortra's GoAnywhere Web Client, in versions prior to 7.8.0. This issue arises from missing input validation in certain features, allowing an attacker with permission to send emails to inject arbitrary HTML or JavaScript into the message. The vulnerability is particularly concerning for emails that do not use Secure Mail.

Impact

Exploitation of this vulnerability could lead to cross-site scripting attacks, where injected scripts are executed in the context of the user's browser.

Remediation

Users can upgrade to GoAnywhere MFT version 7.8.0 or later to address this vulnerability. It is also recommended to limit access to only trustworthy Web Users.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

5.4

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

5.4

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortra GoAnywhere Web Client Input Validation Vulnerability Allowing Cross-Site Scripting in Emails

Vulnerability

Impact

Remediation

Affected Products

Fortra GoAnywhere MFT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating