Lucene search
K

160 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.10 views

CVE-2022-45004

Gophish through 0.12.1 was discovered to contain a cross-site scripting XSS vulnerability via a crafted landing page...

6.1CVSS6AI score0.00595EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:32 p.m.10 views

CVE-2020-24707

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...

9.3CVSS6.9AI score0.01313EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:21 p.m.9 views

CVE-2020-24712

Cross Site Scripting XSS vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page...

5.4CVSS6AI score0.00851EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/01/10 12:23 a.m.6 views

SUSE CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS7AI score0.00365EPSS
Exploits0References4
OSV
OSV
added 2025/01/07 4:3 p.m.68 views

GO-2025-3361 GoPhish sends cleartext passwords in github.com/gophish/gophish

GoPhish sends cleartext passwords in github.com/gophish/gophish...

7.5CVSS7.5AI score0.00365EPSS
Exploits0References3
Veracode
Veracode
added 2025/01/07 6:17 a.m.11 views

Insufficiently Protected Credentials

GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper handling of mail server credentials due to storing cleartext passwords for the configured IMAP and SMTP servers, exposing sensitive information to attackers...

7.5CVSS6.4AI score0.00365EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/12/19 9:31 p.m.22 views

GHSA-RV83-H68Q-C4WQ GoPhish sends cleartext passwords

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS7.5AI score0.00365EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/12/19 9:31 p.m.18 views

GoPhish sends cleartext passwords

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS7.1AI score0.00365EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/12/19 7:15 p.m.46 views

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS0.00365EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/19 12:0 a.m.12 views

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.1AI score0.00365EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/19 12:0 a.m.46 views

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

0.00365EPSS
Exploits0References1
CVE
CVE
added 2024/12/19 12:0 a.m.88 views

CVE-2024-55196

CVE-2024-55196 concerns GoPhish v0.12.1 with a misconfiguration in the mail-server credentials handling. The vulnerability arises from insufficiently protected credentials in the Mail Server Configuration, enabling an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS6.9AI score0.00365EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.5 views

PT-2024-36492 · Gophish +1 · Gophish +1

Name of the Vulnerable Software and Affected Versions: GoPhish version 0.12.1 Description: The issue allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers due to insufficiently protected credentials in the Mail Server Configuration. Recommendations: For GoPhish...

9.9CVSS6.1AI score0.75197EPSS
Exploits5References60
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.6 views

GoPhish 安全漏洞

GoPhish is an open source phishing framework from GoPhish Open Source. A security vulnerability exists in GoPhish version v0.12.1, which stems from insufficient credential protection in the mail server configuration, which allows an attacker to access configured IMAP and SMTP servers with plainte...

7.5CVSS6.4AI score0.00365EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/10/22 5:6 p.m.15 views

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT aka DCRat and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/22 10:0 a.m.11 views

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain...

8.4AI score
Exploits0
Veracode
Veracode
added 2024/10/18 6:8 a.m.13 views

Server Side Request Forgery (SSRF)

github.com/gophish/gophish is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to improper validation of external resource requests, allowing an attacker to send crafted requests to internal services...

5.3CVSS6.7AI score0.01322EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/08/21 4:3 p.m.15 views

GO-2022-0987 Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish

Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References6
OSV
OSV
added 2024/08/20 8:32 p.m.22 views

GO-2023-1982 Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish

Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish...

5.3CVSS5.2AI score0.01322EPSS
Exploits1References5
OSV
OSV
added 2024/08/20 8:31 p.m.34 views

GO-2023-1936 Gophish XSS Vulnerability in github.com/gophish/gophish

Gophish XSS Vulnerability in github.com/gophish/gophish...

4.8CVSS4.8AI score0.00657EPSS
Exploits0References4
Rows per page
Query Builder