5 matches found
Cross-site Scripting (XSS)
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the taguuid parameter in the /rss/tag/ endpoint, which is reflected in the HTTP response without proper escaping. An attacker can execu...
Cross-site Scripting (XSS)
Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rss/ endpoint, where the UUID path parameter is reflected in the HTTP response body without proper HTML escaping. An attacker can...
CVE-2026-27645
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...
PT-2024-12517 · Modern Campus · Modern Campus - Omni Cms
Name of the Vulnerable Software and Affected Versions: Modern Campus - Omni CMS version 2023.1. Description: A Directory Traversal issue allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to "listing.php" or "rss.php" API endpoints. Recommendations...
Glassdoor: Unauthorized Access to Deleted Interviews on Glassdoor Platform
Unauthorized access to deleted interviews on a career platform was possible through an RSS endpoint that has since been deprecated...