Описание
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.8.0 (исключая)
cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.3
github
9 месяцев назад
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
EPSS
Процентиль: 12%
0.00041
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79