Cross Site Scripting (XSS) vulnerability in Gophish prior to 0.11.0 via the Host field on the send profile form.
getgophish gophish