Reflected XSS Vulnerability Affects Changedetection.io
CVE-2024-34061

4.3MEDIUM

Key Information:

Vendor: Dgtlmoon
Status: Changedetection.io
Vendor: CVE Published:; 2 May 2024

What is CVE-2024-34061?

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Version(s)

changedetection.io < 0.45.22

References

https://github.com/dgtlmoon/changedetection.io/security/a...

x_refsource_CONFIRM

https://github.com/dgtlmoon/changedetection.io/commit/c0f...

x_refsource_MISC

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Apr 30, 2024

CVE-2024-34061 Data

JSON

Dgtlmoon

What is CVE-2024-34061?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline