x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2020-24712

[tatianab]

CVE-2020-24712 references github.com/gophish/gophish, which may be a Go module.

Description:
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-24712
• web: https://herolab.usd.de/security-advisories/usd-2020-0050/
• fix: gophish/gophish@4e9b94b
• web: https://github.com/gophish/gophish/releases/tag/v0.11.0
• Imported by: https://pkg.go.dev/github.com/gophish/gophish?tab=importedby

Cross references:

• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-25295 #987 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45003 #1665 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45004 #1666 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9h9f-9q8g-6764 #1936 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9c9w-9pq7-f35h #1982 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/gophish/gophish
      vulnerable_at: 0.12.1
      packages:
        - package: n/a
cves:
    - CVE-2020-24712
references:
    - web: https://herolab.usd.de/security-advisories/usd-2020-0050/
    - fix: https://github.com/gophish/gophish/commit/4e9b94b641755f359542b246cc0c555fa3bc6715
    - web: https://github.com/gophish/gophish/releases/tag/v0.11.0

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports