Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02OHdqLWMyanctNXBwOc4AAxuG

Stored cross-site scripting in changedetection.io

Changedetection.io before 0.40.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.

Permalink: https://github.com/advisories/GHSA-68wj-c2jw-5pp9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OHdqLWMyanctNXBwOc4AAxuG
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: 11 months ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-68wj-c2jw-5pp9, CVE-2023-24769
References: Repository: https://github.com/dgtlmoon/changedetection.io
Blast Radius: 1.0

Affected Packages

pypi:changedetection.io
Dependent packages: 0
Dependent repositories: 0
Downloads: 4,063 last month
Affected Version Ranges: < 0.40.2
Fixed in: 0.40.2
All affected versions: 0.38.2, 0.39.1, 0.39.2, 0.39.3, 0.39.4, 0.39.5, 0.39.6, 0.39.7, 0.39.8, 0.39.9, 0.39.10, 0.39.11, 0.39.12, 0.39.13, 0.39.14, 0.39.15, 0.39.16, 0.39.17, 0.39.18, 0.39.19, 0.39.20, 0.39.21, 0.39.22, 0.40.0
All unaffected versions: 0.40.2, 0.40.3, 0.41.1, 0.42.1, 0.42.2, 0.42.3, 0.43.1, 0.43.2, 0.44.1, 0.45.1, 0.45.2, 0.45.3, 0.45.4, 0.45.5, 0.45.6, 0.45.7, 0.45.8, 0.45.9, 0.45.11, 0.45.12, 0.45.13, 0.45.14, 0.45.15, 0.45.16, 0.45.17, 0.45.18, 0.45.19, 0.45.20, 0.45.21, 0.45.22