Vulnerability Description
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webtechnologies | Changedetection | < 0.40.1.1 |
Related Weaknesses (CWE)
References
- https://github.com/dgtlmoon/changedetection.io/issues/1358ExploitVendor Advisory
- https://www.edoardoottavianelli.it/CVE-2023-24769
- https://www.youtube.com/watch?v=TRTpRlkU3HcExploit
- https://github.com/dgtlmoon/changedetection.io/issues/1358ExploitVendor Advisory
- https://www.edoardoottavianelli.it/CVE-2023-24769
- https://www.youtube.com/watch?v=TRTpRlkU3HcExploit
FAQ
What is CVE-2023-24769?
CVE-2023-24769 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts o...
How severe is CVE-2023-24769?
CVE-2023-24769 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24769?
Check the references section above for vendor advisories and patch information. Affected products include: Webtechnologies Changedetection.