CVE-2023-24769
Published 2023-02-17
Priority P4 · 24 · medium · 5.4 CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.63% (45.7th percentile)
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dgtlmoon | changedetection.io | >= 0 < 0.40.2 | 0.40.2 |
| webtechnologies | changedetection | < 0.40.1.1 | 0.40.1.1 |
GHSA
Stored cross site scripting in changedetection.io
ghsa·2023-02-18
CVE-2023-24769 [MEDIUM] CWE-79 Stored cross site scripting in changedetection.io
Changedetection.io before 0.40.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.
OSV
Stored cross site scripting in changedetection.io
osv·2023-02-18
CVE-2023-24769 [MEDIUM] Stored cross site scripting in changedetection.io
Changedetection.io before 0.40.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.
OSV
CVE-2023-24769: Changedetection
osv·2023-02-17
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/dgtlmoon/changedetection.io/issues/1358
https://www.edoardoottavianelli.it/CVE-2023-24769
https://www.youtube.com/watch?v=TRTpRlkU3Hc
2023-02-17
Published