Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract the path and eventually redirect the user to a relative URL, but if the next parameter starts with multiple...
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
CVSS 7.5 | AI Score 7.4 | EPSS 0.003
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking...
CVSS 6.5 | AI Score 6.2 | EPSS 0.002
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile...
CVSS 5.4 | AI Score 6.4 | EPSS 0.001
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email...
CVSS 5.4 | AI Score 6.3 | EPSS 0.001
CVSS 7.8 | AI Score 7.4 | EPSS 0.002
CVSS 5.3 | AI Score 5.3 | EPSS 0.001
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings...
CVSS 5.4 | AI Score 6.4 | EPSS 0.001
CVSS 4.8 | AI Score 4.8 | EPSS 0.001