Lucene search
K

3392 matches found

Cvelist
Cvelist
added 2026/03/06 6:53 a.m.30 views

CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

6.1CVSS0.00282EPSS
Exploits1References3
OSV
OSV
added 2026/03/06 6:53 a.m.3 views

CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

6.1CVSS5.6AI score0.00282EPSS
Exploits1References5
CVE
CVE
added 2026/03/06 6:53 a.m.18 views

CVE-2026-29038

CVE-2026-29038 affects changedetection.io before version 0.54.4. The vulnerability is a reflected XSS in the /rss/tag/ endpoint where the URL path parameter tag_uuid is reflected in the HTTP response body without HTML escaping. Flask returns text/html by default for plain strings, enabling the br...

6.1CVSS5.7AI score0.00282EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/04 8:58 p.m.4 views

Cross-site Scripting (XSS)

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting XSS via the taguuid parameter in the /rss/tag/ endpoint, which is reflected in the HTTP response without proper escaping. An attacker can execu...

6.1CVSS5.7AI score0.00282EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/04 8:58 p.m.82 views

changedetection.io has Reflected XSS in its RSS Tag Error Response

A reflected cross-site scripting XSS vulnerability was identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser...

6.1CVSS5.8AI score0.00282EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/02/28 10:16 p.m.8 views

CVE-2026-28559

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/02/28 9:47 p.m.17 views

CVE-2026-28559

wpForo Forum 2.4.14 has an information disclosure flaw in the global RSS feed endpoint that allows unauthenticated access to private and unapproved topics. Requesting the RSS feed without a forum ID bypasses privacy and status filters that are applied when a specific forum ID is present, exposing...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/28 9:47 p.m.25 views

CVE-2026-28559 wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed

wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...

6.9CVSS0.00337EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 4:16 a.m.5 views

CVE-2026-27645

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...

6.1CVSS5.4AI score0.00445EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/25 9:18 a.m.1 views

Cross-site Scripting (XSS)

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rss/ endpoint, where the UUID path parameter is reflected in the HTTP response body without proper HTML escaping. An attacker can...

6.1CVSS5.7AI score0.00445EPSS
Exploits1References2
NVD
NVD
added 2026/02/25 5:17 a.m.10 views

CVE-2026-27645

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...

6.1CVSS0.00445EPSS
Exploits1References2
CVE
CVE
added 2026/02/25 4:6 a.m.39 views

CVE-2026-27645

CVE-2026-27645 : In affected changedetection.io versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Because Flask returns text/html by default for plain string responses, the browser may parse and execu...

6.1CVSS5.4AI score0.00445EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:6 a.m.6 views

CVE-2026-27645

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...

6.1CVSS5.4AI score0.00445EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/25 4:6 a.m.6 views

CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...

6.1CVSS5.6AI score0.00445EPSS
Exploits1References4
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-60183

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

5.9CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.26 views

CVE-2025-60183 WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

5.9CVSS0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-60183 WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

5.9CVSS5.9AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 7:16 a.m.12 views

CVE-2026-2825

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

5.1CVSS0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/20 6:2 a.m.6 views

CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

5.1CVSS3.8AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/20 6:2 a.m.30 views

CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

5.1CVSS0.00248EPSS
Exploits0References4
Rows per page
Query Builder