Vulnerability CVE-2022-39220

Published: 2022-09-20   Modified: 2022-09-21

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.



(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))


Copyright 2022,


Back to Top