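getgophish CVE Vulnerabilities and CVE List (13)

Products (CPE): — CVE count: 13

getgophish Vulnerability Overview

This page aggregates CVE and security vulnerability information across all getgophish-related products and lists CVSS scores, EPSS scores, publication dates, and vulnerability data.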

Published issues are most often related to SSRF, open redirect, and path-handling flaws, and in the context of production workloads and software deployment they may carry exposure risks such as session compromise and file overwrite.

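The listed data is based on public vulnerability information and security advisories and can be used to assess historical exposure and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 1-13 of 13 CVEs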
| CVE | Summary | Source | CVSS (max) | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-70963 | Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context. | [email protected] | 7.6 | 0.27% | 2026-02-06 | 2026-06-17 |
| CVE-2024-2211 | Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu. | [email protected] | 4.6 | 0.29% | 2024-03-06 | 2026-06-17 |
| CVE-2022-45004 | Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. | [email protected] | 6.1 | 0.60% | 2023-03-22 | 2026-06-17 |
| CVE-2022-45003 | Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | [email protected] | 7.5 | 1.04% | 2023-03-22 | 2026-06-17 |
| CVE-2022-25295 | This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com. | [email protected] | 5.4 | 0.53% | 2022-09-11 | 2026-06-17 |
| CVE-2020-24713 | Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. | [email protected] | 7.5 | 1.14% | 2020-10-28 | 2026-06-16 |
| CVE-2020-24712 | Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page. | [email protected] | 5.4 | 0.85% | 2020-10-28 | 2026-06-16 |
| CVE-2020-24711 | The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack. | [email protected] | 6.5 | 1.55% | 2020-10-28 | 2026-06-16 |
| CVE-2020-24710 | Gophish before 0.11.0 allows SSRF attacks. | [email protected] | 5.3 | 1.32% | 2020-10-28 | 2026-06-16 |
| CVE-2020-24709 | Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template. | [email protected] | 5.4 | 0.55% | 2020-10-28 | 2026-06-16 |
| CVE-2020-24708 | Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form. | [email protected] | 5.4 | 0.62% | 2020-10-28 | 2026-06-16 |
| CVE-2020-24707 | Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | [email protected] | 7.8 | 1.31% | 2020-10-28 | 2026-06-16 |
| CVE-2019-16146 | Gophish through 0.8.0 allows XSS via a username. | [email protected] | 4.8 | 0.66% | 2019-09-09 | 2026-06-16 |
cvelogic Threat Intelligence