Cross-Site Scripting vulnerability in Gophish Admin Panel

Posted date: 06/03/2024
Severity: 3 - Medium
Affected Resources

Admin Panel, version 0.12.1.


INCIBE has coordinated the publication of a medium severity vulnerability affecting the Admin Panel of Gophish version 0.12.1. Gophish is an open source framework for creating phishing platforms and checking an organisation's exposure. The vulnerability was discovered by Miguel Segovia Gil.

This vulnerability has been assigned the following CVE identifier, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-2211: 4.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | CWE-79.

There is no reported solution at this time.


CVE-2024-2211: Stored Cross-Site Scripting vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu, where it is triggered when the campaign is removed from the menu.