AttackFeed by Joe Wagner | [SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection  - Full Disclosure

[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection  – Full Disclosure

Posted on By Joe-W No Comments on [SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection  – Full Disclosure
Alert Feeds

 

Posted by SBA Research Security Advisory via Fulldisclosure on Apr 29

# GoAnywhere MFT Email HTML Injection #

Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251120-01_GoAnywhere_MFT_Email_HTML_Injection

## Vulnerability Overview ##

GoAnywhere MFT before 7.10.0 is affected by an HTML injection vulnerability
in its email templating functionality. If an attacker is able to influence
the content of a template variable, malicious HTML can be embedded into
outgoing emails generated by the…
 – Read More  – Full Disclosure 

You may also like

AttackFeed by Joe Wagner | SEC Consult SA-20260415-0 :: Exposed Private Key of X.509 Certificate in SAP HANA Cockpit & SAP HANA Database Explorer  - Full Disclosure
Alert Feeds
SEC Consult SA-20260415-0 :: Exposed Private Key of X.509 Certificate in SAP HANA Cockpit & SAP HANA Database Explorer  – Full Disclosure
April 29, 2026
AttackFeed by Joe Wagner | SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App  - Full Disclosure
Alert Feeds
SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App  – Full Disclosure
April 29, 2026
AttackFeed by Joe Wagner | APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8  - Full Disclosure
Alert Feeds
APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8  – Full Disclosure
April 29, 2026
AttackFeed by Joe Wagner | [SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping  - Full Disclosure
Alert Feeds
[SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping  – Full Disclosure
June 9, 2026

Leave a Reply