PT-2019-14542 · Gophish · Gophish
Dmaciejak
·
Publicado
2019-09-09
·
Atualizado
2024-08-20
·
CVE-2019-16146
CVSS v3.1
4.8
Média
| Vetor | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Gophish versions prior to 0.8.1
Description
The issue allows for XSS via a
username. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.Recommendations
For versions prior to 0.8.1, update to version 0.8.1 or later to resolve the issue. As a temporary workaround, consider restricting the input for the
username variable to minimize the risk of exploitation.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gophish