changedetection-io

vulnerable: 0.38.2 ... 0.40.1.0 (43 versions)

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected i…

vulnerable: 0.39.14 ... 0.45.9 (54 versions)

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user c…

vulnerable: 0.38.2 ... 0.45.9 (80 versions)

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. …

vulnerable: 0.38.2 ... 0.45.9 (81 versions)

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in …

vulnerable: 0.38.2 ... 0.47.4 (96 versions)

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditiona…

vulnerable: 0.38.2 ... 0.47.5 (97 versions)

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a web…

vulnerable: 0.38.2 ... 0.48.4 (103 versions)

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traver…

vulnerable: 0.38.2 ... 0.50.3 (126 versions)

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered re…

vulnerable: 0.38.2 ... 0.54.6 (192 versions)

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as…

vulnerable: 0.38.2 ... 0.54.7 (193 versions)

changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost…

vulnerable: 0.38.2 ... 0.54.9 (195 versions)

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external en…

vulnerable: 0.38.2 ... 0.54.9 (196 versions)

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup resto…