Vulnerability Details CVE-2022-39220
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.3%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2022-39220
-
cpe:2.3:a:sftpgo_project:sftpgo:-
-
cpe:2.3:a:sftpgo_project:sftpgo:0.9.1
-
cpe:2.3:a:sftpgo_project:sftpgo:0.9.2
-
cpe:2.3:a:sftpgo_project:sftpgo:0.9.3
-
cpe:2.3:a:sftpgo_project:sftpgo:0.9.4
-
cpe:2.3:a:sftpgo_project:sftpgo:0.9.5
-
cpe:2.3:a:sftpgo_project:sftpgo:0.9.6
-
cpe:2.3:a:sftpgo_project:sftpgo:1.0.0
-
cpe:2.3:a:sftpgo_project:sftpgo:1.1.0
-
cpe:2.3:a:sftpgo_project:sftpgo:1.1.1
-
cpe:2.3:a:sftpgo_project:sftpgo:1.2.0
-
cpe:2.3:a:sftpgo_project:sftpgo:1.2.1
-
cpe:2.3:a:sftpgo_project:sftpgo:1.2.2
-
cpe:2.3:a:sftpgo_project:sftpgo:2.0.0
-
cpe:2.3:a:sftpgo_project:sftpgo:2.0.1
-
cpe:2.3:a:sftpgo_project:sftpgo:2.0.2
-
cpe:2.3:a:sftpgo_project:sftpgo:2.0.3
-
cpe:2.3:a:sftpgo_project:sftpgo:2.0.4
-
cpe:2.3:a:sftpgo_project:sftpgo:2.1.0
-
cpe:2.3:a:sftpgo_project:sftpgo:2.1.1
-
cpe:2.3:a:sftpgo_project:sftpgo:2.1.2
-
cpe:2.3:a:sftpgo_project:sftpgo:2.2.0
-
cpe:2.3:a:sftpgo_project:sftpgo:2.2.1
-
cpe:2.3:a:sftpgo_project:sftpgo:2.2.2
-
cpe:2.3:a:sftpgo_project:sftpgo:2.2.3
-
cpe:2.3:a:sftpgo_project:sftpgo:2.3.0
-
cpe:2.3:a:sftpgo_project:sftpgo:2.3.1
-
cpe:2.3:a:sftpgo_project:sftpgo:2.3.2
-
cpe:2.3:a:sftpgo_project:sftpgo:2.3.3
-
cpe:2.3:a:sftpgo_project:sftpgo:2.3.4