2 matches found
CVE-2019-16146
Gophish through 0.8.0 allows XSS via a username...
CVE-2019-16146
CVE-2019-16146 affects the Gophish project, with exposure via the web UI: versions up to 0.8.0 are vulnerable to cross-site scripting through a username field. Root cause is improper sanitization/input handling in the user management/login context (XSS). The initial description consistently state...