160 matches found
CVE-2022-45004
Gophish through 0.12.1 was discovered to contain a cross-site scripting XSS vulnerability via a crafted landing page...
CVE-2020-24707
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...
CVE-2020-24712
Cross Site Scripting XSS vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page...
SUSE CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
GO-2025-3361 GoPhish sends cleartext passwords in github.com/gophish/gophish
GoPhish sends cleartext passwords in github.com/gophish/gophish...
Insufficiently Protected Credentials
GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper handling of mail server credentials due to storing cleartext passwords for the configured IMAP and SMTP servers, exposing sensitive information to attackers...
GHSA-RV83-H68Q-C4WQ GoPhish sends cleartext passwords
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
GoPhish sends cleartext passwords
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-55196
CVE-2024-55196 concerns GoPhish v0.12.1 with a misconfiguration in the mail-server credentials handling. The vulnerability arises from insufficiently protected credentials in the Mail Server Configuration, enabling an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
PT-2024-36492 · Gophish +1 · Gophish +1
Name of the Vulnerable Software and Affected Versions: GoPhish version 0.12.1 Description: The issue allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers due to insufficiently protected credentials in the Mail Server Configuration. Recommendations: For GoPhish...
GoPhish 安全漏洞
GoPhish is an open source phishing framework from GoPhish Open Source. A security vulnerability exists in GoPhish version v0.12.1, which stems from insufficient credential protection in the mail server configuration, which allows an attacker to access configured IMAP and SMTP servers with plainte...
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT aka DCRat and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are...
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain...
Server Side Request Forgery (SSRF)
github.com/gophish/gophish is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to improper validation of external resource requests, allowing an attacker to send crafted requests to internal services...
GO-2022-0987 Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish
Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish...
GO-2023-1982 Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish
Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish...
GO-2023-1936 Gophish XSS Vulnerability in github.com/gophish/gophish
Gophish XSS Vulnerability in github.com/gophish/gophish...