Cross-site scripting (XSS) vulnerability in SFTPGo WebClient prior to version 2.3.5

CVE-2022-39220 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are affected by cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient that allow remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.
