Security Advisory

CVE-2022-39220

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-20 22:10:08

Last updated 2025-04-23 16:56:53

Assigner GitHub_M

State PUBLISHED

Description

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.

← Browse all CVEs View on cve.org ↗