Getgophish ≫ Gophish

Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible t...

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.

Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.

Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.

This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL,...

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.

Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.

Gophish before 0.11.0 allows SSRF attacks.

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack