GSA_kwCzR0hTQS01NW05LWhtOTIteG04as4AAyPG

Moderate EPSS: 0.00316% (0.54197 Percentile) EPSS:

Permalink JSON

Gophish vulnerable to Cross-site Scripting via crafted landing page

Affected Packages	Affected Versions	Fixed Versions
go:github.com/gophish/gophish PURL: `pkg:go/github.com%2Fgophish%2Fgophish`	<= 0.12.1	No known fixed version
17 Dependent packages 16 Dependent repositories Affected Version Ranges All affected versions v0.1.1, v0.1.2, v0.2.0, v0.3.0, v0.4.0, v0.5.0, v0.6.0, v0.7.0, v0.8.0, v0.9.0, v0.10.0, v0.10.1, v0.11.0, v0.12.0, v0.12.1

Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-45004
https://github.com/gophish/gophish/releases/tag/v0.12.1
https://pastebin.com/z5MD3z8c
https://github.com/advisories/GHSA-55m9-hm92-xm8j

Identifiers

GHSA-55m9-hm92-xm8j

CVE-2022-45004

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00316

EPSS Percentile: 0.54197

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/gophish/gophish

Date and time

Published

over 2 years ago

Updated

16 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories