Gophish Security Vulnerabilities
4.8CVSS
4.7AI Score
0.001EPSS
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
7.8CVSS
7.6AI Score
0.002EPSS
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.
5.4CVSS
5.2AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack
6.5CVSS
6.2AI Score
0.002EPSS
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.
5.4CVSS
5.2AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.003EPSS
This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backs...
5.4CVSS
5.3AI Score
0.001EPSS
Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.
7.5CVSS
7.3AI Score
0.001EPSS
Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.
6.1CVSS
5.9AI Score
0.001EPSS