GHSA-cf7g-cm7q-rq7f

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-cf7g-cm7q-rq7f/GHSA-cf7g-cm7q-rq7f.json
Aliases
  • CVE-2022-39220
Published
2022-09-20T21:22:55Z
Modified
2022-09-23T17:07:44Z
Details

Impact

Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code.

Patches

Fixed in v2.3.5.

References

Affected packages

Go / github.com/drakkan/sftpgo

github.com/drakkan/sftpgo

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
2.3.5

Affected versions