CVE-2023-36474

Name of the Vulnerable Software and Affected Versions Interactsh server versions prior to 1.0.0

Description Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e app. Interactsh server used to create cname entries for app pointing to projectdiscovery.github.io as default, which intended to used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain.

Recommendations Update to Interactsh server v1.0.0 with go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest to fix the issue by making CNAME optional, rather than default. As a temporary workaround, consider removing the CNAME entry for the app subdomain to prevent subdomain takeover.