| id: GO-TEST-ID |
| modules: |
| - module: github.com/drakkan/sftpgo |
| versions: |
| - fixed: 2.3.5 |
| summary: SFTPGo WebClient vulnerable to Cross-site Scripting |
| description: |- |
| ### Impact |
| Cross-site scripting (XSS) vulnerabilities have been reported to |
| affect SFTPGo WebClient. If exploited, this vulnerability allows remote |
| attackers to inject malicious code. |
| |
| ### Patches |
| Fixed in v2.3.5. |
| cves: |
| - CVE-2022-39220 |
| ghsas: |
| - GHSA-cf7g-cm7q-rq7f |
| references: |
| - advisory: https://github.com/drakkan/sftpgo/security/advisories/GHSA-cf7g-cm7q-rq7f |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39220 |
| - fix: https://github.com/drakkan/sftpgo/commit/cbef217cfa92478ee8e00ba1a5fb074f8a8aeee0 |
| notes: |
| - lint: 'github.com/drakkan/sftpgo: version 2.3.5 does not exist' |
| - lint: references should contain at most one advisory link |