changedetection_io is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the watch list which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
CPE | Name | Operator | Version |
---|---|---|---|
changedetection.io | le | 0.40.1.1 | |
changedetection.io | le | 0.40.1.1 |
github.com/advisories/GHSA-68wj-c2jw-5pp9
github.com/dgtlmoon/changedetection.io/commit/995f6a0311c64f60a1c072c5af707aabdb34d546
github.com/dgtlmoon/changedetection.io/issues/1358
github.com/dgtlmoon/changedetection.io/pull/1359
www.edoardoottavianelli.it/CVE-2023-24769
www.youtube.com/watch?v=TRTpRlkU3Hc