Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gophish
(Getgophish)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-11 | CVE-2022-25295 | This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com. | Gophish | 5.4 | ||
| 2019-09-09 | CVE-2019-16146 | Gophish through 0.8.0 allows XSS via a username. | Gophish | N/A |