What is CVE-2024-11922?

CVE-2024-11922 is a medium-severity vulnerability in Fortra Goanywhere Mft, classified under Cross-site Scripting. CVSS score: 6.3/10. Published 2025-04-28.

How severe is CVE-2024-11922?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2024-11922 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Fortra Goanywhere Mft

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (33.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Fortra Goanywhere Mft — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.fortra.com/security/advisories/product-security/fi-2025-005 (vendor-advisory)

Frequently asked questions

What is CVE-2024-11922?: CVE-2024-11922 is a medium-severity vulnerability in Fortra Goanywhere Mft, classified under Cross-site Scripting. CVSS score: 6.3/10. Published 2025-04-28.
How severe is CVE-2024-11922?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2024-11922 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.