SUSE CVE-2025-70963
Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user's long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...
GHSA-9F8M-9547-2GQM Gophish is vulnerable to Incorrect Access Control
Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...
PT-2026-6752
Name of the Vulnerable Software and Affected Versions: Gophish versions prior to 0.12.1. Description: The administrative dashboard reveals each user’s long-lived API key within the HTML and JavaScript code on every login. This exposes permanent API credentials to any script operating within the...
CVE-2020-24711
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...
CVE-2020-24708
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form...
CVE-2020-24710
Gophish before 0.11.0 allows SSRF attacks...
CVE-2019-16146
Gophish through 0.8.0 allows XSS via a username...
EUVD-2020-17424
Malware in sbrugna...
EUVD-2020-17421
Malware in sbrugna...
EUVD-2022-3349
Malicious code in bioql PyPI...
EUVD-2024-3612
Malicious code in bioql PyPI...
EUVD-2023-0875
Malicious code in bioql PyPI...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2022-45003
Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus...
CVE-2022-45004
Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page...
CVE-2020-24712
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page...
Insufficiently Protected Credentials
GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is caused by improper handling of mail server credentials: passwords for the configured IMAP and SMTP servers are stored in cleartext, exposing sensitive information to attackers...
CVE-2024-2211
Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...