54 matches found
EUVD-2025-50820
changedetection.io: Stored XSS in Watch update via API
Summary: A Stored Cross Site Scripting vulnerability is present in the changedetection.io Watch update API due to insufficient security checks. Details: Tested on changedetection.io version v0.50.24 console REPOSITORY TAG IMAGE ID CREATED SIZE ghcr.io/dgtlmoon/changedetection.io latest 0367276509a0 23 hours ago...
Cross-site Scripting (XSS)
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of errors in filters. An attacker can execute arbitrary code in the context of a user's browser by injecting maliciou...
PT-2025-1537
Name of the Vulnerable Software and Affected Versions: Prusa PrusaSlicer versions prior to 2.6.2. Description: A crafted 3mf project file can lead to arbitrary code execution on a host system during the process of slicing the project and exporting G-code. This issue occurs within the PostProcessor.c...
CVE-2024-56509 changedetection.io has Improper Input Validation Leading to LFR/Path Traversal
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...
changedetection.io Security Vulnerability
changedetection.io is a website change detection, monitoring and notification application by individual developer dgtlmoon. A security vulnerability exists in changedetection.io that stems from improper input validation...
Improper File URI Scheme Validation
changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the is_safe_url function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOW_FILE_URI is set to false or undefined...
changedetection.io Path Traversal Vulnerability
changedetection.io is a website change detection, monitoring, and notification application from the individual developers at dgtlmoon. A path traversal vulnerability exists in changedetection.io prior to version 0.47.06, which stems from inadequate validation of the file URI scheme. An attacker...
Directory Traversal
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Directory Traversal due to improper validation for the file URI scheme. An attacker can read any file on the system by crafting a URL that bypasses the intended...
Directory Traversal
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Directory Traversal via the Watch.py and init.py files. An attacker can read arbitrary files on the system by manipulating the file URL to bypass security checks...
CVE-2024-34061
creationtimestamp | type | source
---|---|---
2024-05-02 10:06:55+00:00 | published-proof-of-concept | https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-pwgc-w4x9-gw67...
CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...
PT-2024-24745
Name of the Vulnerable Software and Affected Versions: changedetection.io version 0.45.20. Description: The issue is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without restriction and could use a...
PYSEC-2023-10
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection...