Thinkst Applied Research Canarytokens
cpe:2.3:a:thinkst:canarytokens:*:*:*:*:*:*:*
- < sha-bfda4df
A vulnerability allowing HTML injection has been identified in the notification emails for 'Slow Redirect' and 'Cloned Website' Canarytokens in Thinkst Applied Research Canarytokens. This vulnerability enables interface manipulation and Cross-Site Scripting (XSS) in email clients that render HTML. The issue affects Canarytokens from Docker tag sha-c42435e prior to sha-bfda4df, and from Git commit c42435e prior to bfda4df.
Exploitation of this vulnerability allows for HTML injection in notification emails, which could be used to introduce unescaped HTML, phishing links, or images. In email clients that render HTML, this could lead to Cross-Site Scripting (XSS) vulnerabilities.
This vulnerability has been patched in the latest version of Canarytokens. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image or any Docker image after sha-bfda4df.
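The injection class described above, shown as an added Python example (not Canarytokens' own code): a hypothetical alert template rendered once with untrusted fields substituted raw and once with every field HTML-escaped. The template, the field names `referer` and `location`, and the sample alert are constructed assumptions; the page does not name the affected fields.

```python
import html
from string import Template

# Hypothetical template; the real Canarytokens email template is not shown on the page.
ALERT_TEMPLATE = Template(
    "<html><body><h2>Canarytoken triggered</h2>"
    "<table>"
    "<tr><td>Token type</td><td>$token_type</td></tr>"
    "<tr><td>Referer</td><td>$referer</td></tr>"
    "<tr><td>Location</td><td>$location</td></tr>"
    "</table></body></html>"
)

# Constructed alert: values reported by whoever triggers the token are untrusted.
SAMPLE_ALERT = {
    "token_type": "cloned_website",
    "referer": 'https://example.invalid/"><img src="https://example.invalid/x.png">',
    "location": '<a href="https://example.invalid/login">Click to acknowledge</a>',
}


def render_unescaped(alert):
    """The 'before' pattern: untrusted values are substituted into HTML as-is."""
    return ALERT_TEMPLATE.substitute(alert)


def render_escaped(alert):
    """Hardened: every value is HTML-escaped (quotes included) before substitution."""
    safe = {k: html.escape(str(v), quote=True) for k, v in alert.items()}
    return ALERT_TEMPLATE.substitute(safe)


def injected_fields(rendered, alert):
    """Names of fields whose markup-bearing value appears verbatim in the body."""
    return sorted(
        k for k, v in alert.items()
        if html.escape(str(v)) != str(v) and str(v) in rendered
    )


if __name__ == "__main__":
    print("unescaped:", injected_fields(render_unescaped(SAMPLE_ALERT), SAMPLE_ALERT))
    print("escaped:  ", injected_fields(render_escaped(SAMPLE_ALERT), SAMPLE_ALERT))
```

`injected_fields` can double as a regression check in a template test suite: feed it markup-bearing sample values and fail the build if any come back verbatim.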