2 matches found
CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...
CVE-2026-27645
creationtimestamp| type| source ---|---|--- 2026-02-23 20:40:13+00:00| published-proof-of-concept| https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w 2026-02-25 05:52:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfnyhqe6aq2u...