SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NSftpgo Project Sftpgo
APPSftpgo Project< 2.3.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2022-36071HIGH8.3ten sam produkt
SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClie...
CVE-2026-30914MEDIUM5.3ten sam produkt
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path norma...
CVE-2026-30915MEDIUM5.3ten sam produkt
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input ...
CVE-2023-48795MEDIUM5.9ten sam produkt
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, al...