exploitDog

CVE-2024-2211

Опубликовано: 06 мар. 2024

Источник: nvd

CVSS3: 4.6

CVSS3: 6.1

EPSS Низкий

Описание

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-gophish-admin-panel
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-gophish-admin-panel
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getgophish:gophish:0.12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00084

Низкий

4.6 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-h8r2-vw8v-933p

CVSS3: 4.6

github

почти 2 года назад

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.

EPSS

Процентиль: 25%

0.00084

Низкий

4.6 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79