CVE-2024-41663
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-41663 is a Cross-Site Scripting (XSS) vulnerability affecting the "Cloned Website" feature of Canarytokens. The creator of a Canarytoken can inject JavaScript into the destination URL of their slow redirect token; when the creator later visits the management page for that Canarytoken, the injected JavaScript executes in their browser. Because the payload is stored and triggered only by the token's own creator, this is a self-XSS: it does not disclose sensitive information, but it remains a security risk. Users of self-hosted Canarytokens installations can mitigate this vulnerability by updating to the Docker image with the SHA-097d91a identifier or any subsequent image. Canarytokens.org has already addressed this issue.
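The defensive pattern behind this class of bug is to treat a user-supplied redirect destination as untrusted twice: once when it is stored (only http/https URLs with a host are accepted) and again when it is rendered on a management page (HTML-escaped in both attribute and text context). The Python below is an added illustration written for this page; it is not Canarytokens' own code and makes no claim about how the project's fix is implemented. The function names, the allowed-scheme set and the sample URLs are all constructed for the example.

```python
from html import escape
from typing import Optional
from urllib.parse import urlsplit

# Assumption for this example: a redirect destination is only ever a web URL.
ALLOWED_SCHEMES = {"http", "https"}


def validate_redirect_url(url: str) -> Optional[str]:
    """Accept a destination URL only if it has an http/https scheme and a host.

    Returning None for anything else (other schemes, scheme-relative or
    bare strings) keeps non-web pseudo-URLs out of storage entirely.
    """
    candidate = url.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def render_destination_row(url: str) -> str:
    """Render a stored destination for a management page.

    The same value lands in an attribute and in element text, so it is escaped
    with quote=True so that '"', '<', '>' and '&' cannot break out of either.
    """
    safe = escape(url, quote=True)
    return f'<a href="{safe}">{safe}</a>'


def store_and_render(raw_destination: str) -> str:
    """Validate on write, escape on read; reject early if validation fails."""
    accepted = validate_redirect_url(raw_destination)
    if accepted is None:
        return "<p>destination rejected: only http(s) URLs with a host are allowed</p>"
    return render_destination_row(accepted)


if __name__ == "__main__":
    # Constructed sample inputs, not values from the advisory.
    for sample in [
        "https://example.com/landing",
        'https://example.com/?next="<b>x</b>"',
        "javascript:void(0)",
        "//example.com/no-scheme",
    ]:
        print(repr(sample), "->", store_and_render(sample))
```

The two checks are independent on purpose: the scheme allowlist stops non-web pseudo-URLs from ever being stored, and escaping at render time protects the page even if a value reached storage by another path.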