108 matches found
CVE-2025-52558
Changedetection.io prior to version 0.50.4 is affected by a cross-site scripting (XSS) vulnerability caused by errors in filters during page-change detection watches. The issue can allow an attacker to inject malicious scripts into a user’s browser. The vulnerability has been patched in version 0...
CVE-2025-52558 ChangeDetection.io XSS in watch overview
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered, resulting in a cross-site scripting (XSS) vulnerability. This...
PT-2025-26644 · Unknown · Changedetection.Io
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.50.4. Description: The issue is related to a cross-site scripting (XSS) vulnerability due to errors in filters from website page change detection watches not being properly filtered. This vulnerability has...
changedetection.io Cross-Site Scripting Vulnerability
changedetection.io is a website change detection, monitoring, and notification application by the individual developers at dgtlmoon. A cross-site scripting vulnerability exists in changedetection.io versions prior to 0.50.4, which stems from a filter error leading to a cross-site scripting attack...
CVE-2023-24769
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection...
CVE-2024-32651
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...
Directory Traversal
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Directory Traversal on URLs received as input. An attacker can read local files via the watch preview functionality. URLs are not sufficiently checked for paths tha...
CVE-2024-56509
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...
CVE-2024-56509 changedetection.io has Improper Input Validation Leading to LFR/Path Traversal
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...
CVE-2024-56509
CVE-2024-56509 affects changedetection.io. The issue is improper input validation that enables local file read (LFR) or path traversal when user-supplied input is used to build file paths (e.g., file:../../../etc/passwd). The vulnerability is triggered via URLs processed by the application and is...
PT-2024-36824 · Unknown · Changedetection.Io
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.48.05. Description: The issue is related to improper input validation in the application, which can allow attackers to perform local file read (LFR) or path traversal attacks. These attacks occur when user...
CVE-2024-51998
changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...
CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io
changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...
CVE-2024-51483
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
CVE-2024-51483 changedetection.io Path Traversal vulnerability
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
CVE-2024-51483
Affected software: changedetection.io (pre-0.47.5). Vulnerability: path traversal/local file access via WebDriver requests that can read local files using source:file:///… (e.g., /etc/passwd) where traditional file:/// paths are blocked. Root cause appears to be insufficient validation in Watch.p...
changedetection.io Security Vulnerability
changedetection.io is a website change detection, monitoring, and notification application from the individual developers at dgtlmoon. A security vulnerability exists in changedetection.io versions prior to 0.47.5, which stems from a flaw in the restriction of local file access that could result ...