CVE-2024-41663

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Jul 23, 2024
Updated: Jul 24, 2024
CWE ID 79

Summary

CVE-2024-41663 is a cross-site scripting (XSS) vulnerability in the "Cloned Website" feature of Canarytokens. The creator of a Canarytoken can inject JavaScript into the destination URL of their slow-redirect token; when that same creator later opens the management page for the token, the injected JavaScript executes. Because the only person who can plant the payload is also the only person who sees it run, this is a self-XSS: it does not disclose sensitive information, but it is still unwanted script execution in the application's origin and was treated as a security issue. Self-hosted Canarytokens installations are fixed by updating to the Docker image with identifier SHA-097d91a or any subsequent image. Canarytokens.org has already been patched.
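The bug class behind this CVE is a stored, untrusted URL reflected into a page that the application renders for its owner. The following Python is an added illustration of that class, not Canarytokens' own code: it shows a hypothetical management-page renderer that interpolates the destination URL straight into markup, beside a hardened version that allowlists the URL scheme and HTML-escapes the value before it reaches an attribute. The function names, templates and the payload strings are all constructed for this example.

```python
"""Self-XSS via a reflected redirect URL: vulnerable vs. hardened rendering.

Hypothetical code written to illustrate CVE-2024-41663's bug class.
It is NOT the Canarytokens implementation.
"""
from html import escape
from urllib.parse import urlsplit

# Only navigable web schemes are acceptable for a redirect destination;
# javascript:, data:, vbscript: and scheme-less values are refused outright.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed payloads a token creator might submit as the destination URL.
PAYLOADS = [
    'https://example.com/"><script>alert(1)</script>',  # attribute break-out
    "javascript:alert(document.cookie)",                  # dangerous scheme
    'https://example.com/" onmouseover="alert(1)',        # event-handler injection
]


def render_management_page_vulnerable(destination_url: str) -> str:
    """Interpolates the stored URL into HTML with no validation or escaping.

    A destination such as '"><script>...' closes the href attribute and the
    anchor, so the script tag becomes live markup on the owner's page.
    """
    return (
        "<h1>Your token</h1>"
        f'<p>Redirects to: <a href="{destination_url}">{destination_url}</a></p>'
    )


def validate_destination_url(url: str) -> str:
    """Accept only absolute http(s) URLs; raise ValueError otherwise."""
    candidate = url.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"refusing destination with scheme {parts.scheme!r}")
    if not parts.netloc:
        raise ValueError("destination must be an absolute URL with a host")
    return candidate


def is_accepted(url: str) -> bool:
    """True if the hardened path would store this URL at all."""
    try:
        validate_destination_url(url)
        return True
    except ValueError:
        return False


def render_management_page_hardened(destination_url: str) -> str:
    """Validate the scheme, then HTML-escape before placing in an attribute.

    Validation and escaping are independent layers: an http(s) URL whose path
    carries '"><script>' passes the scheme check and is neutralised only by
    escape(); a javascript: URL is rejected before it is ever rendered.
    """
    url = validate_destination_url(destination_url)
    safe = escape(url, quote=True)  # quote=True also encodes " and '
    return (
        "<h1>Your token</h1>"
        f'<p>Redirects to: <a href="{safe}">{safe}</a></p>'
    )


def compare(payload: str) -> dict:
    """Render one payload both ways and report whether live script survived."""
    vulnerable = render_management_page_vulnerable(payload)
    hardened = render_management_page_hardened(payload) if is_accepted(payload) else None
    return {
        "accepted_by_hardened": hardened is not None,
        "vulnerable_has_script_tag": "<script" in vulnerable.lower(),
        "hardened_has_script_tag": bool(hardened) and "<script" in hardened.lower(),
    }


if __name__ == "__main__":
    for p in PAYLOADS:
        print(p, "->", compare(p))
```

The scheme allowlist stops `javascript:` and `data:` destinations at submission time, while `html.escape(..., quote=True)` is what actually defeats the attribute break-out in an otherwise well-formed `https://` URL; neither layer alone covers both payload shapes.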

