github.com/gophish/gophish is vulnerable to open redirect attacks. The vulnerability exists in the handling of the "next" query parameter in the nextOrIndex function of route.go: path extraction is not properly handled, which allows an attacker to redirect users to arbitrary web URLs by tricking a victim into clicking a specially crafted link.
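
One way to validate a post-login "next" value so that only same-site paths are ever used as a redirect target, shown as an added example that is not gophish's own code or its fix. The helper name safeNext, the "/" fallback and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeNext returns a same-site path to redirect to after login, or "/"
// when the supplied value could send the browser to another origin.
// Hypothetical helper for illustration; not gophish's nextOrIndex.
func safeNext(next string) string {
	const fallback = "/"
	// Browsers treat "\" like "/" and strip tabs/newlines from URLs, so
	// reject them before parsing rather than trusting the parser's view.
	if next == "" || strings.ContainsAny(next, "\\\t\r\n") {
		return fallback
	}
	u, err := url.Parse(next)
	if err != nil {
		return fallback
	}
	// An absolute URL ("https://host/..") or a scheme-relative one
	// ("//host/..") carries a scheme or host; a local path has neither.
	if u.Scheme != "" || u.Host != "" || u.User != nil {
		return fallback
	}
	// Require a rooted path, and refuse a decoded path that begins with
	// "//", which a browser would read as scheme-relative in Location.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return fallback
	}
	// Rebuild from parsed parts so only path and query survive.
	out := url.URL{Path: u.Path, RawQuery: u.RawQuery}
	return out.String()
}

func main() {
	// Constructed sample values for the next parameter.
	for _, n := range []string{"/campaigns?id=3", "https://example.com/", "//example.com/x", "/\\example.com", "/%2fexample.com"} {
		fmt.Printf("%-28q -> %q\n", n, safeNext(n))
	}
}
```

The last sample shows why the check runs on the decoded path: url.Parse reports no host for "/%2fexample.com", yet its Path field decodes to "//example.com".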