Cross-Site Scripting Vulnerability in ChangeDetection.io by dgtlmoon
CVE-2025-52558

7HIGH

Key Information:

Vendor: Dgtlmoon
Status: Changedetection.io
Vendor: CVE Published:; 23 June 2025

What is CVE-2025-52558?

The web page change detection service, ChangeDetection.io, had a significant vulnerability prior to version 0.50.4 whereby filters from webpage change detection notices were not appropriately validated. This oversight allowed attackers to inject malicious scripts, potentially leading to unauthorized access or data theft. The issue has since been rectified in the latest release, underscoring the importance of keeping software updated to mitigate exposure to vulnerabilities.

Affected Version(s)

changedetection.io < 0.50.4

References

https://github.com/dgtlmoon/changedetection.io/security/a...

x_refsource_CONFIRM

https://github.com/dgtlmoon/changedetection.io/commit/3d5...

x_refsource_MISC

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2025
Vulnerability Reserved
Jun 18, 2025

Dgtlmoon

What is CVE-2025-52558?

Affected Version(s)

References

CVSS V4

Timeline