Jordan Wright - Security Researcher - Exploit Intelligence Platform

CVE-2020-24707 WRITEUP HIGH WRITEUP

gophish < 0.11.0 - CSV Injection

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

CVSS 7.8

View Code

CVE-2020-24708 WRITEUP MEDIUM WRITEUP

gophish < 0.11.0 - Stored Cross-Site Scripting via Host Field on Send Profile Form

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.

CVSS 5.4

View Code

CVE-2020-24710 WRITEUP MEDIUM WRITEUP

gophish < 0.11.0 - Server-Side Request Forgery

Gophish before 0.11.0 allows SSRF attacks.

CVSS 5.3

View Code

CVE-2020-24711 WRITEUP MEDIUM WRITEUP

gophish < 0.11.0 - Denial of Service via Clickjacking on Account Settings Reset Button

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

CVSS 6.5

View Code

CVE-2020-24712 WRITEUP MEDIUM WRITEUP

gophish < 0.11.0 - Stored Cross-Site Scripting via IMAP Host Field

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

CVSS 5.4

View Code