1.1

CVE-2026-13140

Stored Cross-Site Scripting in Canarytokens.org

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens.




Anonymous exploitation requires knowledge of a random identifier.




This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Thinkst Applied Research
Product: Canarytokens
Default status: unaffected
Version: sha-4116b92cb, < f5aa5c4e, status: affected
Version: 4116b92cb, < f5aa5c4e, status: affected
No warning was found for this CVE.
CVSS Metrics
Source: 0f2be0ad-3469-4e56-b38f-4eb96719b425
Base Score: 1.1
Exploit Score: 0
Impact Score: 0
Vector String: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/thinkst/canarytokens/security/advisories/GHSA-23pf-xjp2-48q6