Skip to main content

Gophish CVE-2020-24711

MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2020-10-28 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 28, 2020 - 20:15 nvd
MEDIUM 6.5

DescriptionNVD

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

AnalysisAI

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1021. The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack Affected products include: Getgophish Gophish. Version information: before 0.11.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-24707 HIGH POC
7.8 Oct 28

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. Rated high severity (CVSS 7.8),

CVE-2025-70963 HIGH POC
7.6 Feb 06

Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived

CVE-2020-24713 HIGH POC
7.5 Oct 28

Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. Rated high severity (CVSS 7.5), this vulnerab

CVE-2026-39904 HIGH POC
7.1 Jun 22

Memory exhaustion denial of service in Gophish through 0.12.1 allows authenticated low-privilege users to crash the phis

CVE-2022-25295 MEDIUM POC
5.4 Sep 11

This affects the package github.com/gophish/gophish before 0.12.0. Rated medium severity (CVSS 5.4), this vulnerability

CVE-2020-24712 MEDIUM POC
5.4 Oct 28

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

CVE-2020-24709 MEDIUM POC
5.4 Oct 28

Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template. Rated m

CVE-2020-24708 MEDIUM POC
5.4 Oct 28

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form. Rated med

CVE-2020-24710 MEDIUM POC
5.3 Oct 28

Gophish before 0.11.0 allows SSRF attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

CVE-2024-2211 MEDIUM
6.1 Mar 06

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. Rated medium severity (CVSS 6.1), this vu

CVE-2019-16146 MEDIUM
4.8 Sep 09

Gophish through 0.8.0 allows XSS via a username. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploi

Share

CVE-2020-24711 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy