XSS Vulnerabilities in WebClient
CVE-2022-39220
6.1MEDIUM
What is CVE-2022-39220?
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.
Affected Version(s)
sftpgo < 2.3.5