What is the severity of CVE-2024-41663?

CVE-2024-41663 has been classified as a moderate severity Cross-Site Scripting vulnerability.

How do I fix CVE-2024-41663?

To fix CVE-2024-41663, ensure you update to the latest version of Canarytokens where the vulnerability has been patched.

Who is affected by CVE-2024-41663?

CVE-2024-41663 affects users of the Canarytokens software, particularly those utilizing the 'Cloned Website' Canarytoken feature.

What is the nature of the vulnerability in CVE-2024-41663?

CVE-2024-41663 is a Cross-Site Scripting vulnerability that allows a creator of a Canarytoken to inadvertently execute malicious JavaScript.

Can CVE-2024-41663 affect my network security?

Yes, CVE-2024-41663 can compromise network security by enabling self-inflicted attacks via malicious scripts in created Canarytokens.

Vulnerability/
CVE-2024-41663

low

3.5

CWE

23/7/2024

2/8/2024

CVE-2024-41663: Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting

First published: Tue Jul 23 2024(Updated: )

Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of their slow redirect token. When the creator later browses the management page for their own Canarytoken, the Javascript executes. This is a self-XSS. An attacker could create a Canarytoken with this self-XSS, and send the management link to a victim. When they click on it, the Javascript would execute. However, no sensitive information (ex. session information) will be disclosed to the malicious actor. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
	>=sha-097d91a

Never miss a vulnerability like this again

Reference Links

https://github.com/thinkst/canarytokens/security/advisories/GHSA-xj9h-3j9c-c95h

Frequently Asked Questions

What is the severity of CVE-2024-41663?
CVE-2024-41663 has been classified as a moderate severity Cross-Site Scripting vulnerability.
How do I fix CVE-2024-41663?
To fix CVE-2024-41663, ensure you update to the latest version of Canarytokens where the vulnerability has been patched.
Who is affected by CVE-2024-41663?
CVE-2024-41663 affects users of the Canarytokens software, particularly those utilizing the 'Cloned Website' Canarytoken feature.
What is the nature of the vulnerability in CVE-2024-41663?
CVE-2024-41663 is a Cross-Site Scripting vulnerability that allows a creator of a Canarytoken to inadvertently execute malicious JavaScript.
Can CVE-2024-41663 affect my network security?
Yes, CVE-2024-41663 can compromise network security by enabling self-inflicted attacks via malicious scripts in created Canarytokens.

agent/references
agent/title
agent/weakness
agent/description
agent/first-publish-date
agent/type
agent/severity
agent/author
agent/event
collector/nvd-api
source/NVD
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.