Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by getgophish
CVE-2025-70963 (GCVE-0-2025-70963)
Vulnerability from cvelistv5 – Published: 2026-02-06 00:00 – Updated: 2026-02-06 18:37
VLAI?
Summary
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.
Severity ?
7.6 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-70963",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:36:17.133329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:37:19.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gophish \u003c=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user\u2019s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:36:36.846Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gophish/gophish/issues/9366"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-70963",
"datePublished": "2026-02-06T00:00:00.000Z",
"dateReserved": "2026-01-09T00:00:00.000Z",
"dateUpdated": "2026-02-06T18:37:19.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-2211 (GCVE-0-2024-2211)
Vulnerability from cvelistv5 – Published: 2024-03-06 10:47 – Updated: 2024-08-01 19:03
VLAI?
Title
Cross-Site Scripting vulnerability in Gophish Admin Panel
Summary
Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gophish | Admin Panel |
Affected:
0.12.1
|
Date Public ?
2024-03-06 11:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T19:11:58.282629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:25.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-gophish-admin-panel"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Admin Panel",
"vendor": "Gophish",
"versions": [
{
"status": "affected",
"version": "0.12.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Miguel Segovia Gil"
}
],
"datePublic": "2024-03-06T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu."
}
],
"value": "Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T10:47:03.845Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-gophish-admin-panel"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-Site Scripting vulnerability in Gophish Admin Panel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-2211",
"datePublished": "2024-03-06T10:47:03.845Z",
"dateReserved": "2024-03-06T07:45:08.547Z",
"dateUpdated": "2024-08-01T19:03:39.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45004 (GCVE-0-2022-45004)
Vulnerability from cvelistv5 – Published: 2023-03-22 00:00 – Updated: 2025-02-26 16:21
VLAI?
Summary
Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.12.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/z5MD3z8c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45004",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:21:27.454152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:21:31.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gophish/gophish/releases/tag/v0.12.1"
},
{
"url": "https://pastebin.com/z5MD3z8c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45004",
"datePublished": "2023-03-22T00:00:00.000Z",
"dateReserved": "2022-11-07T00:00:00.000Z",
"dateUpdated": "2025-02-26T16:21:31.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45003 (GCVE-0-2022-45003)
Vulnerability from cvelistv5 – Published: 2023-03-22 00:00 – Updated: 2025-02-25 21:21
VLAI?
Summary
Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.12.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/z5MD3z8c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45003",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:20:20.316984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:21:27.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gophish/gophish/releases/tag/v0.12.1"
},
{
"url": "https://pastebin.com/z5MD3z8c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45003",
"datePublished": "2023-03-22T00:00:00.000Z",
"dateReserved": "2022-11-07T00:00:00.000Z",
"dateUpdated": "2025-02-25T21:21:27.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25295 (GCVE-0-2022-25295)
Vulnerability from cvelistv5 – Published: 2022-09-11 13:45 – Updated: 2024-09-16 17:29
VLAI?
Title
Open Redirect
Summary
This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com.
Severity ?
CWE
- Open Redirect
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | github.com/gophish/gophish |
Affected:
unspecified , < 0.12.0
(custom)
|
Date Public ?
2022-09-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/pull/2262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "github.com/gophish/gophish",
"vendor": "n/a",
"versions": [
{
"lessThan": "0.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Snyk Security Team"
}
],
"datePublic": "2022-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue(\"next\")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\\\\\\\example.com, browser will redirect user to http://example.com."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-11T13:45:20.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/pull/2262"
}
],
"title": "Open Redirect",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-09-11T13:42:52.981006Z",
"ID": "CVE-2022-25295",
"STATE": "PUBLIC",
"TITLE": "Open Redirect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "github.com/gophish/gophish",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Snyk Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue(\"next\")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\\\\\\\example.com, browser will redirect user to http://example.com."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"
},
{
"name": "https://github.com/gophish/gophish/pull/2262",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/pull/2262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25295",
"datePublished": "2022-09-11T13:45:20.564Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:29:06.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24707 (GCVE-0-2020-24707)
Vulnerability from cvelistv5 – Published: 2020-10-28 19:35 – Updated: 2024-08-04 15:19
VLAI?
Summary
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0052/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/commit/b25f5ac5e468f6730e377f43c7995e18f8fccc2b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T19:35:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0052/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/commit/b25f5ac5e468f6730e377f43c7995e18f8fccc2b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0052/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0052/"
},
{
"name": "https://github.com/gophish/gophish/releases/tag/v0.11.0",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
},
{
"name": "https://github.com/gophish/gophish/commit/b25f5ac5e468f6730e377f43c7995e18f8fccc2b",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/commit/b25f5ac5e468f6730e377f43c7995e18f8fccc2b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24707",
"datePublished": "2020-10-28T19:35:21.000Z",
"dateReserved": "2020-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:09.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24713 (GCVE-0-2020-24713)
Vulnerability from cvelistv5 – Published: 2020-10-28 19:33 – Updated: 2024-08-04 15:19
VLAI?
Summary
Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0053/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gophish through 0.10.1 does not invalidate the gophish cookie upon logout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T19:33:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0053/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gophish through 0.10.1 does not invalidate the gophish cookie upon logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0053/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0053/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24713",
"datePublished": "2020-10-28T19:33:31.000Z",
"dateReserved": "2020-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:09.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24711 (GCVE-0-2020-24711)
Vulnerability from cvelistv5 – Published: 2020-10-28 19:33 – Updated: 2024-08-04 15:19
VLAI?
Summary
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0051/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T19:33:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0051/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6"
},
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0051/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0051/"
},
{
"name": "https://github.com/gophish/gophish/releases/tag/v0.11.0",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24711",
"datePublished": "2020-10-28T19:33:23.000Z",
"dateReserved": "2020-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:09.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24710 (GCVE-0-2020-24710)
Vulnerability from cvelistv5 – Published: 2020-10-28 19:33 – Updated: 2024-08-04 15:19
VLAI?
Summary
Gophish before 0.11.0 allows SSRF attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0054/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gophish before 0.11.0 allows SSRF attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T19:33:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0054/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gophish before 0.11.0 allows SSRF attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005"
},
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0054/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0054/"
},
{
"name": "https://github.com/gophish/gophish/releases/tag/v0.11.0",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24710",
"datePublished": "2020-10-28T19:33:16.000Z",
"dateReserved": "2020-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:09.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24712 (GCVE-0-2020-24712)
Vulnerability from cvelistv5 – Published: 2020-10-28 19:33 – Updated: 2024-08-04 15:19
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0050/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/commit/4e9b94b641755f359542b246cc0c555fa3bc6715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T19:33:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0050/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/commit/4e9b94b641755f359542b246cc0c555fa3bc6715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0050/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0050/"
},
{
"name": "https://github.com/gophish/gophish/commit/4e9b94b641755f359542b246cc0c555fa3bc6715",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/commit/4e9b94b641755f359542b246cc0c555fa3bc6715"
},
{
"name": "https://github.com/gophish/gophish/releases/tag/v0.11.0",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24712",
"datePublished": "2020-10-28T19:33:10.000Z",
"dateReserved": "2020-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:09.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24709 (GCVE-0-2020-24709)
Vulnerability from cvelistv5 – Published: 2020-10-28 19:33 – Updated: 2024-08-04 15:19
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0049/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T19:33:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0049/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0049/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0049/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24709",
"datePublished": "2020-10-28T19:33:01.000Z",
"dateReserved": "2020-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:09.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24708 (GCVE-0-2020-24708)
Vulnerability from cvelistv5 – Published: 2020-10-28 19:32 – Updated: 2024-08-04 15:19
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0048/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/commit/90fed5a575628b89eaf941e1627b49e0f3693812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T19:32:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0048/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/commit/90fed5a575628b89eaf941e1627b49e0f3693812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0048/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0048/"
},
{
"name": "https://github.com/gophish/gophish/commit/90fed5a575628b89eaf941e1627b49e0f3693812",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/commit/90fed5a575628b89eaf941e1627b49e0f3693812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24708",
"datePublished": "2020-10-28T19:32:46.000Z",
"dateReserved": "2020-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:09.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16146 (GCVE-0-2019-16146)
Vulnerability from cvelistv5 – Published: 2019-09-09 12:11 – Updated: 2024-08-05 01:10
VLAI?
Summary
Gophish through 0.8.0 allows XSS via a username.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gophish/gophish/pull/1547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gophish through 0.8.0 allows XSS via a username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-09T12:11:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gophish/gophish/pull/1547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gophish through 0.8.0 allows XSS via a username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gophish/gophish/pull/1547",
"refsource": "MISC",
"url": "https://github.com/gophish/gophish/pull/1547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16146",
"datePublished": "2019-09-09T12:11:12.000Z",
"dateReserved": "2019-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:10:41.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}