Lucene search
Veracode Vulnerability DatabaseVERACODE:40006HistoryMar 31, 2023 - 4:51 a.m.
Cross-Site Scripting (XSS)
2023-03-3104:51:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site scripting
xss
vulnerability
user input
front end
malicious javascript
landing page
gophish
0.001 Low
EPSS
Percentile
32.6%
github.com/gophish/gophish is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input before it output to the front end, allowing an attacker to inject and execute malicious JavaScript on victim’s browser via a crafted landing page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/gophish/gophish | le | v0.12.1 | |
| github.com/gophish/gophish | le | v0.12.1 |
Related
github
github
Gophish vulnerable to Cross-site Scripting via crafted landing page
2023-03-22 21:30:16
cve
cve
CVE-2022-45004
2023-03-22 21:15:18
osv
osv
Gophish vulnerable to Cross-site Scripting via crafted landing page
2023-03-22 21:30:16
CVE-2022-45004
2023-03-22 21:15:18
cvelist
cvelist
CVE-2022-45004
2023-03-22 00:00:00
prion
prion
Cross site scripting
2023-03-22 21:15:00
nvd
nvd
CVE-2022-45004
2023-03-22 21:15:18