Количество 2
Количество 2
CVE-2025-70963
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.
GHSA-9f8m-9547-2gqm
Gophish is vulnerable to Incorrect Access Control
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-70963 Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context. | CVSS3: 7.6 | 0% Низкий | 3 дня назад |
| GHSA-9f8m-9547-2gqm Gophish is vulnerable to Incorrect Access Control | 0% Низкий | 3 дня назад |
Уязвимостей на страницу