Headline
GHSA-cf7g-cm7q-rq7f: SFTPGo WebClient vulnerable to Cross-site Scripting
Impact
Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, these vulnerabilities allow remote attackers to inject malicious code.
Patches
Fixed in v2.3.5.
Moderate severity • GitHub Reviewed • Published Sep 20, 2022 in drakkan/sftpgo • Updated Sep 20, 2022
Related news
CVE-2022-39220: XSS Vulnerabilities in WebClient
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.