CVE-2024-2211 MEDIUM

CVE-2024-2211: Cross-Site Scripting vulnerability in Gophish Admin Panel

Vendor Gophish

Product Admin Panel

Weakness CWE-79 · XSS

Published March 6, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.

Key dates

02Disclosure timeline

March 6, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2211 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-25133 October CMS has Stored XSS via SVG Filter Bypass CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser CVE-2025-22566 WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting CVE-2024-13736 Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName Parameter