107 matches found
changedetection.io 安全漏洞
Changedetection.io is a website monitoring and notification application developed by dgtlmoon. Versions of Changedetection.io prior to 0.54.1 contained security vulnerabilities. These vulnerabilities stemmed from the URL validation function, issafevalidurl, which did not validate the resolution I...
Directory Traversal
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal via the sendfromdirectory function. An attacker can access files within the application package directory by supplying crafted path-traversal...
CVE-2026-25527 changedetection.io vulnerable to unauthenticated static path traversal
changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes sendfromdirectory"static/..", filename to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...
CVE-2024-34061
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notificationurls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when...
GHSA-4C3J-3H7V-22Q9 changedetection.io: Stored XSS in Watch update via API
Summary A Stored Cross Site Scripting is present in the changedetection.io Watch update API due to unsufficient security checks. Details Tested on changedetection.io version v0.50.24 console REPOSITORY TAG IMAGE ID CREATED SIZE ghcr.io/dgtlmoon/changedetection.io latest 0367276509a0 23 hours ago...
CVE-2025-62780
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
PYSEC-2025-91
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
CVE-2025-62780
CVE-2025-62780 is a stored XSS in changedetection.io’s Watch update API present in versions prior to 0.50.34. Exploitation involves injecting an unsafe URL as a Watch (either when creating a new watch or updating an existing one); when a user previews, the injected JavaScript payload can execute....
CVE-2025-62780 changedetection.io vulnerable to stored XSS in Watch update via API
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
CVE-2025-62780 changedetection.io vulnerable to stored XSS in Watch update via API
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
changedetection.io 跨站脚本漏洞
changedetection.io is a website change detection, monitoring, and notification application by the individual developers at dgtlmoon. A cross-site scripting vulnerability exists in changedetection.io versions prior to 0.50.34, which stems from insufficient security checks and could lead to a store...
PT-2025-46200
Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.50.34 Description A Stored Cross Site Scripting issue exists in changedetection.io’s Watch update API due to inadequate security checks. An attacker can insert a new watch with a URL pointing to a web pag...
EUVD-2023-0053
Malicious code in bioql PyPI...
CVE-2025-52558
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting XSS vulnerability. This...
ChangeDetection.io XSS in watch overview
Impact XSS - Errors in filters from website page change detection watches were not being filtered. Patches 0.50.4...
GHSA-HWPG-X5HW-VPV9 ChangeDetection.io XSS in watch overview
Impact XSS - Errors in filters from website page change detection watches were not being filtered. Patches 0.50.4...
CVE-2025-52558
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting XSS vulnerability. This...
CVE-2025-52558 ChangeDetection.io XSS in watch overview
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting XSS vulnerability. This...
CVE-2025-52558
Changedetection.io prior to version 0.50.4 is affected by a cross-site scripting (XSS) vulnerability caused by errors in filters during page-change detection watches. The issue can allow an attacker to inject malicious scripts into a user’s browser. The vulnerability has been patched in version 0...
CVE-2025-52558 ChangeDetection.io XSS in watch overview
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting XSS vulnerability. This...