MEDIUM🇬🇧 English

CVE-2022-39220

CVSS 6.1v3.1pub. 2022-09-20upd. 2024-11-21

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Sftpgo Project Sftpgo

    APP
    Sftpgo Project
    < 2.3.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-36071HIGH8.3ten sam produkt

SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClie...

CVE-2026-30914MEDIUM5.3ten sam produkt

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path norma...

CVE-2026-30915MEDIUM5.3ten sam produkt

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input ...

CVE-2023-48795MEDIUM5.9ten sam produkt

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, al...