GitHub Advisory DatabaseGHSA-68WJ-C2JW-5PP9Stored cross site scripting in changedetection.io
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
30.2%
Changedetection.io before 0.40.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the “Add a new change detection watch” function.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | changedetection.io | * | cpe:2.3:a:*:changedetection.io:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-68wj-c2jw-5pp9
github.com/dgtlmoon/changedetection.io/issues/1358
github.com/dgtlmoon/changedetection.io/pull/1359
github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2023-10.yaml
nvd.nist.gov/vuln/detail/CVE-2023-24769
www.edoardoottavianelli.it/CVE-2023-24769
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
30.2%