Stored Cross Site Scripting Vulnerability in changedetection.io by dgtlmoon
CVE-2025-62780

3.5LOW

Key Information:

Vendor: Dgtlmoon
Status: Changedetection.io
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-62780?

A stored cross site scripting vulnerability exists in the Watch update API of changedetection.io, due to inadequate security measures. This flaw allows attackers to insert a harmful JavaScript payload into the watch URL. Users inadvertently execute this script by clicking on a preview of a modified or newly added watch. The issue is patched in version 0.50.34, emphasizing the importance of updating to the latest version to mitigate potential threats.

Affected Version(s)

changedetection.io < 0.50.34

References

https://github.com/dgtlmoon/changedetection.io/security/a...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Oct 22, 2025

JSON

Dgtlmoon

What is CVE-2025-62780?

Affected Version(s)

References

CVSS V3.1

Timeline