[github.com/drakkan/sftpgo] SFTPGo WebClient vulnerable to Cross-site Scripting

Impact

Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code.

Patches

Fixed in v2.3.5.

References

• https://github.com/drakkan/sftpgo/security/advisories/GHSA-cf7g-cm7q-rq7f
• https://github.com/drakkan/sftpgo/commit/cbef217cfa92478ee8e00ba1a5fb074f8a8aeee0
• https://nvd.nist.gov/vuln/detail/CVE-2022-39220
• https://github.com/advisories/GHSA-cf7g-cm7q-rq7f