Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

URL: https://seclists.org/#fulldisclosure

Updated: 17 hours 54 min ago

[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection

29 April, 2026 - 12:30

Posted by SBA Research Security Advisory via Fulldisclosure on Apr 29

# GoAnywhere MFT Email HTML Injection #

Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251120-01_GoAnywhere_MFT_Email_HTML_Injection

## Vulnerability Overview ##

GoAnywhere MFT before 7.10.0 is affected by an HTML injection vulnerability
in its email templating functionality. If an attacker is able to influence
the content of a template variable, malicious HTML can be embedded into
outgoing emails generated by the...

SOLDIERX.COM Nobody Can Stop Information Insemination

User login

Navigation

Active forum topics

Who's online

Who's new

Full Disclosure

[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection