CVE-2022-39220

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/drakkan/sftpgo

Identifiers

CVE-2022-39220, GHSA-cf7g-cm7q-rq7f

Package Slug

go/github.com/drakkan/sftpgo

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient that allow remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.

Affected Versions

All versions before 2.3.5

Solution

Upgrade to version 2.3.5 or above.

Last Modified

2022-09-22
