Cross Site Scripting (XSS) vulnerability in Gophish prior to 0.11.0 via the IMAP Host field on the account settings page.
getgophish gophish