Lucene search
Veracode Vulnerability DatabaseVERACODE:39404HistoryFeb 24, 2023 - 2:41 p.m.
Stored Cross-Site Scripting (XSS)
2023-02-2414:41:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site scripting
vulnerability
watch list
crafted payload
url parameter
web scripts
html
changedetection_io
0.001 Low
EPSS
Percentile
28.9%
changedetection_io is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the watch list which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| changedetection.io | le | 0.40.1.1 | |
| changedetection.io | le | 0.40.1.1 |
References
github.com/advisories/GHSA-68wj-c2jw-5pp9
github.com/dgtlmoon/changedetection.io/commit/995f6a0311c64f60a1c072c5af707aabdb34d546
github.com/dgtlmoon/changedetection.io/issues/1358
github.com/dgtlmoon/changedetection.io/pull/1359
www.edoardoottavianelli.it/CVE-2023-24769
www.youtube.com/watch?v=TRTpRlkU3Hc
Related
osv
osv
Stored cross site scripting in changedetection.io
2023-02-18 00:31:59
PYSEC-2023-10
2023-02-17 22:15:00
CVE-2023-24769
2023-02-17 22:15:14
cve
cve
CVE-2023-24769
2023-02-17 22:15:14
cvelist
cvelist
CVE-2023-24769
2023-02-17 00:00:00
nvd
nvd
CVE-2023-24769
2023-02-17 22:15:14
github
github
Stored cross site scripting in changedetection.io
2023-02-18 00:31:59
prion
prion
Cross site scripting
2023-02-17 22:15:00