We have released SFTPPlus version 4.23.0, which improves the cross-site scripting (XSS) protection for the Activity log page of the web management console.
Any HTML markup produced by a malicious person is now sanitized when logged.
The same sanitization was done for the review page when viewing differences. For the review page, the risk was even lower, as only administrators could produce malicious changes.
The upgrade is recommended for all customers using SFTPPlus' web management console.
You can check the full release notes here.