cvebase

Thinkst Canarytokens vulnerabilities

7 known vulnerabilities affecting thinkst/canarytokens.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4, LOW 2

Vulnerabilities

CVE-2019-9768 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 2019-03-01 | 2019-03-14
CVE-2019-9768 [HIGH] CWE-264: Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.
Source: NVD
CVE-2024-28111 | P4 | MEDIUM | CVSS 6.5 | fixed in sha-c595a1f8 | 2024-03-06
CVE-2024-28111 [MEDIUM] CWE-1236: Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if th
Source: NVD
CVE-2024-41664 | P4 | MEDIUM | CVSS 5.4 | fixed in sha-8ea5315 | 2024-07-23
CVE-2024-41664 [MEDIUM] CWE-918: Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytoken is first created, the site will make a test reques
Source: NVD
CVE-2022-31113 | P4 | MEDIUM | CVSS 6.1 | fixed in 2022-07-01 | fixed in sha-fb61290 | 2022-07-01
CVE-2022-31113 [MEDIUM] CWE-79: Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute JavaScript in the Canarytoken's history page (domain: canarytokens.org) when
Source: NVD
CVE-2023-22475 | P4 | MEDIUM | CVSS 6.1 | fixed in 2023-01-06 | 2023-01-06
CVE-2023-22475 [MEDIUM]: Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute JavaScript in the Canarytoken's trigger history page (domain: c
Source: NVD
CVE-2024-41663 | P4 | LOW | CVSS 3.5 | fixed in sha-8ea5315 | 2024-07-23
CVE-2024-41663 [LOW] CWE-79: Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert JavaScript into the destination URL of their slow redirect token. When the creator later browses
Source: NVD
CVE-2026-28355 | P4 | LOW | CVSS 1.3 | fixed in sha-7ff0e12 | 2026-02-27
CVE-2026-28355 [LOW] CWE-79: Canarytokens help track activity and actions on a network. Versions prior to `sha-7ff0e12` have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can insert JavaScript into the title field of their PWA token. Wh
Source: NVD