Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-39220: XSS Vulnerabilities in WebClient

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.

CVE
Open in Source
#xss#vulnerability#web

Impact

Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code.

Patches

Fixed in v2.3.5.

Related news

GHSA-cf7g-cm7q-rq7f: SFTPGo WebClient vulnerable to Cross-site Scripting

### Impact Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code. ### Patches Fixed in v2.3.5.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE