PT-2022-24820 · Sftpgo · Sftpgo

Drakkan · Published 2022-09-20 · Updated 2024-08-21 · CVE-2022-39220

CVSS v3.1 6.1 Medium

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

SFTPGo versions prior to 2.3.5

Description

SFTPGo is an SFTP server written in Go. The SFTPGo WebClient is subject to cross-site scripting (XSS): a remote attacker can inject script that runs in the browser of a user who views the crafted content. Consistent with the CVSS vector above (AV:N, PR:N, UI:R, S:C), no authentication is needed to plant the payload, a victim has to interact with it, and the impact lands in the victim's browser session rather than on the server. The issue is patched in version 2.3.5. The upstream advisory lists no workaround that removes the flaw.

Recommendations

Update to version 2.3.5 or later. Until the update is applied, restrict who can reach the SFTPGo WebClient (for example at the network level); this is a compensating control that limits exposure, not a fix for the vulnerability itself.
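As an added illustration, not SFTPGo's own code and not the specific code path behind this CVE (which the page does not detail), the Go program below shows the generic pattern behind an XSS in a file-listing UI: the same template rendered with text/template copies a user-controlled file name into the page verbatim, while html/template escapes it according to where it lands (URL query, then text content). It also carries a small helper for the affected-versions line above, deciding whether a version string is older than the fixed release 2.3.5 (a pre-release such as 2.3.5-rc1 is treated as older). The template, the hostile file name and the isAffected helper are all constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strconv"
	"strings"
	texttemplate "text/template"
)

// Constructed sample input: a file name an attacker might choose for an
// uploaded or shared file. Nothing about it is specific to SFTPGo.
const hostileName = `<img src=x onerror=alert(document.cookie)>`

// Hypothetical listing-row template. The same source is rendered twice
// below: once without escaping, once with contextual escaping.
const rowTmpl = `<tr><td><a href="/files?path={{.Name}}">{{.Name}}</a></td></tr>`

type fileRow struct {
	Name string
}

// renderUnsafe is the vulnerable pattern: text/template copies .Name into
// the page verbatim, so a file name containing markup becomes live HTML.
func renderUnsafe(name string) (string, error) {
	t, err := texttemplate.New("row").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, fileRow{Name: name}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderSafe is the hardened form: html/template percent-encodes .Name in
// the href query and HTML-escapes it in the text node, so the browser never
// sees a tag.
func renderSafe(name string) (string, error) {
	t, err := template.New("row").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, fileRow{Name: name}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// isAffected reports whether a semver-style SFTPGo version string ("2.3.4",
// "v2.3.5", "2.3.5-rc1", "2.3.5+build") is older than the fixed release
// 2.3.5. Build metadata is ignored; a pre-release of 2.3.5 sorts before
// 2.3.5 itself and is therefore reported as affected.
func isAffected(version string) (bool, error) {
	v := strings.TrimPrefix(strings.TrimSpace(version), "v")
	if i := strings.IndexByte(v, '+'); i >= 0 {
		v = v[:i]
	}
	pre := ""
	if i := strings.IndexByte(v, '-'); i >= 0 {
		pre, v = v[i+1:], v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("unsupported version string %q", version)
	}
	var n [3]int
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil || x < 0 {
			return false, fmt.Errorf("unsupported version string %q", version)
		}
		n[i] = x
	}
	fixed := [3]int{2, 3, 5}
	for i := range n {
		if n[i] != fixed[i] {
			return n[i] < fixed[i], nil
		}
	}
	return pre != "", nil
}

func main() {
	u, _ := renderUnsafe(hostileName)
	s, _ := renderSafe(hostileName)
	fmt.Println("text/template:", u)
	fmt.Println("html/template:", s)
	for _, v := range []string{"2.3.4", "v2.3.5", "2.3.5-rc1", "2.10.0"} {
		affected, err := isAffected(v)
		fmt.Printf("%-10s affected=%v err=%v\n", v, affected, err)
	}
}
```

The point to take from the two renders is that escaping has to be chosen by output context: the same file name needs percent-encoding inside the href and entity encoding in the text node, which html/template does automatically and text/template (or string concatenation) never does.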

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-39220
GHSA-CF7G-CM7Q-RQ7F
GO-2022-1015

Affected Products

Sftpgo