GHSA-hwpg-x5hw-vpv9

Опубликовано: 23 июн. 2025

Источник: github

Github: Прошло ревью

CVSS4: 7

Описание

ChangeDetection.io XSS in watch overview

Impact

XSS - Errors in filters from website page change detection watches were not being filtered.

Patches

0.50.4

Ссылки

Пакеты

Наименование

changedetection.io

pip

Затронутые версииВерсия исправления

<= 0.50.3

0.50.4

EPSS

Процентиль: 5%

0.00022

Низкий

7 High

CVSS4

CVE ID

CVE-2025-52558

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-52558

nvd

8 месяцев назад

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting (XSS) vulnerability. This issue has been patched in version 0.50.4

EPSS

Процентиль: 5%

0.00022

Низкий

7 High

CVSS4

CVE ID

CVE-2025-52558

Дефекты

CWE-79