
108 matches found

CVE
added 2025/06/23 8:52 p.m. · 28 views

CVE-2025-52558

Changedetection.io prior to version 0.50.4 is affected by a cross-site scripting (XSS) vulnerability caused by errors in filters during page-change detection watches. The issue can allow an attacker to inject malicious scripts into a user’s browser. The vulnerability has been patched in version 0...

CVSS 7 · AI score 5.7 · EPSS 0.00521
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/23 8:52 p.m. · 2 views

CVE-2025-52558 ChangeDetection.io XSS in watch overview

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered, resulting in a cross-site scripting (XSS) vulnerability. This...

CVSS 7 · AI score 6.1 · EPSS 0.00521
Exploits: 0 · References: 2

Positive Technologies
added 2025/06/23 12:0 a.m. · 5 views

PT-2025-26644 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.50.4
Description: The issue is related to a cross-site scripting (XSS) vulnerability due to errors in filters from website page change detection watches not being properly filtered. This vulnerability has...

CVSS 7 · AI score 5.2 · EPSS 0.00521
Exploits: 0 · References: 10

CNNVD
added 2025/06/23 12:0 a.m. · 4 views

changedetection.io cross-site scripting vulnerability

changedetection.io is a website change detection, monitoring, and notification application by the individual developers at dgtlmoon. A cross-site scripting vulnerability exists in changedetection.io versions prior to 0.50.4, which stems from a filter error leading to a cross-site scripting attack...

CVSS 7 · AI score 5.8 · EPSS 0.00521
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 3:22 a.m. · 6 views

CVE-2023-24769

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection...

CVSS 5.4 · AI score 5.8 · EPSS 0.00631
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 7:5 a.m. · 8 views

CVE-2024-32651

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVSS 10 · AI score 7.4 · EPSS 0.83722
Exploits: 5 · References: 1

Snyk
added 2024/12/27 6:2 p.m. · 1 views

Directory Traversal

Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Directory Traversal on URLs received as input. An attacker can read local files via the watch preview functionality. URLs are not sufficiently checked for paths tha...

CVSS 9.2 · AI score 7.4 · EPSS 0.00691
Exploits: 0 · References: 2

NVD
added 2024/12/27 4:15 p.m. · 21 views

CVE-2024-56509

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...

CVSS 8.6 · EPSS 0.00691
Exploits: 0 · References: 2

Cvelist
added 2024/12/27 3:56 p.m. · 27 views

CVE-2024-56509 changedetection.io has Improper Input Validation Leading to LFR/Path Traversal

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...

CVSS 8.6 · EPSS 0.00691
Exploits: 0 · References: 2

CVE
added 2024/12/27 3:56 p.m. · 58 views

CVE-2024-56509

CVE-2024-56509 affects changedetection.io. The issue is improper input validation that enables local file read (LFR) or path traversal when user-supplied input is used to build file paths (e.g., file:../../../etc/passwd). The vulnerability is triggered via URLs processed by the application and is...

CVSS 8.6 · AI score 8.5 · EPSS 0.00691
Exploits: 0 · References: 2

OSV
added 2024/12/27 3:56 p.m. · 18 views

CVE-2024-56509 changedetection.io has Improper Input Validation Leading to LFR/Path Traversal

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...

CVSS 8.6 · AI score 6.3 · EPSS 0.00691
Exploits: 0 · References: 4

Positive Technologies
added 2024/12/27 12:0 a.m. · 7 views

PT-2024-36824 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.48.05
Description: The issue is related to improper input validation in the application, which can allow attackers to perform local file read (LFR) or path traversal attacks. These attacks occur when user...

CVSS 8.6 · AI score 6.9 · EPSS 0.00691
Exploits: 0 · References: 13

NVD
added 2024/11/08 12:15 a.m. · 15 views

CVE-2024-51998

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOWFILEURI false or not defined. The...

CVSS 8.6 · EPSS 0.00697
Exploits: 0 · References: 3

OSV
added 2024/11/07 11:34 p.m. · 16 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOWFILEURI false or not defined. The...

CVSS 8.6 · AI score 6.2 · EPSS 0.00697
Exploits: 0 · References: 5

Cvelist
added 2024/11/07 11:34 p.m. · 20 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOWFILEURI false or not defined. The...

CVSS 8.6 · EPSS 0.00697
Exploits: 0 · References: 3

NVD
added 2024/11/01 5:15 p.m. · 26 views

CVE-2024-51483

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...

CVSS 6.9 · EPSS 0.0229
Exploits: 0 · References: 4

Cvelist
added 2024/11/01 4:19 p.m. · 65 views

CVE-2024-51483 changedetection.io Path Traversal vulnerability

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...

CVSS 6.9 · EPSS 0.0229
Exploits: 0 · References: 4

Vulnrichment
added 2024/11/01 4:19 p.m. · 23 views

CVE-2024-51483 changedetection.io Path Traversal vulnerability

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...

CVSS 6.9 · AI score 6.7 · EPSS 0.0229
Exploits: 0 · References: 4

CVE
added 2024/11/01 4:19 p.m. · 65 views

CVE-2024-51483

Affected software: changedetection.io (pre-0.47.5). Vulnerability: path traversal/local file access via WebDriver requests that can read local files using source:file:///… (e.g., /etc/passwd) where traditional file:/// paths are blocked. Root cause appears to be insufficient validation in Watch.p...

CVSS 6.9 · AI score 6.7 · EPSS 0.0229
Exploits: 0 · References: 4

CNNVD
added 2024/11/01 12:0 a.m. · 16 views

changedetection.io security vulnerability

changedetection.io is a website change detection, monitoring, and notification application from the individual developers at dgtlmoon. A security vulnerability exists in changedetection.io versions prior to 0.47.5, which stems from a flaw in the restriction of local file access that could result ...

CVSS 6.9 · AI score 5.9 · EPSS 0.0229
Exploits: 0 · References: 4