16 matches found
CVE-2026-28355
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2026-28355
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2026-28355
The CVE-2026-28355 entry covers a Self Cross-Site Scripting (XSS) vulnerability in the Canarytokens “PWA” Canarytoken. Affected component is the title field of the PWA token; versions prior to sha-7ff0e12 allow the creator to inject JavaScript that executes when the installation page is visited b...
EUVD-2026-9072
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2026-28355
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
Canarytokens 跨站脚本漏洞
Canarytokens is a web activity tracking system open source by Thinkst Applied Research. Previous versions of Canarytokens had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the title field in PWA Canarytoken, which could lead to cross-site scripting...
CVE-2024-41663
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
CVE-2024-41663 Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
CVE-2024-41663 Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
CVE-2024-41663 Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
PT-2024-29492 · Unknown · Canarytokens
Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to the latest Docker image after sha-097d91a Description: A Cross-Site Scripting issue was identified in the "Cloned Website" Canarytoken. The creator of a slow-redirect Canarytoken can insert Javascript into the...
CVE-2023-22475 Cross-Site Scripting in Canarytoken history
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken a URL can use this to execute...
CVE-2022-31113 Cross-Site Scripting in Canarytoken history
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken a URL to execute Javascript in the...
Exploit for Improper Input Validation in Microsoft
FakeCVE-2020-1350 This is the source code for a very crude fa...