Vulnerabilities > Getgophish
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-22 | CVE-2022-45003 | Unspecified vulnerability in Getgophish Gophish Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | 7.5 |
2023-03-22 | CVE-2022-45004 | Cross-site Scripting vulnerability in Getgophish Gophish Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. | 6.1 |
2020-10-28 | CVE-2020-24713 | Insufficient Session Expiration vulnerability in Getgophish Gophish Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. | 5.0 |
2020-10-28 | CVE-2020-24712 | Cross-site Scripting vulnerability in Getgophish Gophish Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page. | 3.5 |
2020-10-28 | CVE-2020-24711 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Getgophish Gophish The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack | 4.3 |
2020-10-28 | CVE-2020-24710 | Server-Side Request Forgery (SSRF) vulnerability in Getgophish Gophish Gophish before 0.11.0 allows SSRF attacks. | 5.0 |
2020-10-28 | CVE-2020-24709 | Cross-site Scripting vulnerability in Getgophish Gophish Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template. | 3.5 |
2020-10-28 | CVE-2020-24708 | Cross-site Scripting vulnerability in Getgophish Gophish Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form. | 3.5 |
2020-10-28 | CVE-2020-24707 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Getgophish Gophish Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | 9.3 |
2019-09-09 | CVE-2019-16146 | Cross-site Scripting vulnerability in Getgophish Gophish Gophish through 0.8.0 allows XSS via a username. | 3.5 |