github.com/gophish/gophish is vulnerable to cross-site scripting (XSS). The attack is possible because many user.username values in users.js are unsanitized, allowing an attacker to inject malicious script via those parameters in the User Management page.
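
The pattern described above, shown as an added example that is not taken from the Gophish code base: a row builder that concatenates `username` into markup unescaped, beside a version that HTML-encodes it first. The function names, the `role` field and the sample records are assumptions made for illustration.

```javascript
// Added illustration; not Gophish's users.js. Only `username` comes from the advisory.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can break out of HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the username reaches the page as markup, in both a
// text context (<td>) and an attribute context (data-username).
function renderUserRowUnsafe(user) {
  return `<tr><td>${user.username}</td><td>${user.role}</td>` +
    `<td><button data-username="${user.username}">Delete</button></td></tr>`;
}

// Hardened pattern: every user-controlled value is encoded before concatenation.
function renderUserRowSafe(user) {
  const name = escapeHtml(user.username);
  return `<tr><td>${name}</td><td>${escapeHtml(user.role)}</td>` +
    `<td><button data-username="${name}">Delete</button></td></tr>`;
}

// Review helper: list usernames whose raw value would change the page's markup.
function usernamesAlteringMarkup(users) {
  return users
    .filter((u) => renderUserRowUnsafe(u) !== renderUserRowSafe(u))
    .map((u) => u.username);
}

// Constructed sample records (not real data).
const sampleUsers = [
  { username: "alice", role: "admin" },
  { username: '<img src=x onerror="alert(1)">', role: "user" },
  { username: 'bob" autofocus onfocus="alert(1)', role: "user" },
];

for (const user of sampleUsers) {
  console.log("unsafe:", renderUserRowUnsafe(user));
  console.log("safe:  ", renderUserRowSafe(user));
}
console.log("usernames that alter markup:", usernamesAlteringMarkup(sampleUsers));
```

In browser code that builds DOM nodes instead of strings, assigning the value through `textContent` (or jQuery's `.text()`) gives the same protection for text contexts.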