CVE-2026-29038

Medium CVSS: 6.1

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The tag_uuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser parses and executes injected JavaScript. This issue has been patched in version 0.54.4.

Vendor

Webtechnologies

Product

Changedetection

CWE

CWE-79

Yayın Tarihi

2026-03-06 07:16:01

Güncelleme

2026-03-10 19:38:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Changedetection MEDIUM Webtechnologies 2026

Referanslar

https://github.com/dgtlmoon/changedetection.io/commit/ec7d56f85d1e9690fca7cb4711c1fb20dffec780 https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4 https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8whx-v8qq-pq64

Benzer Kayıtlar

High

CVE-2026-33981

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include…

High

CVE-2026-29065

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerabili…

High

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io…

Medium

CVE-2026-27645

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-wat…

High

CVE-2026-27696

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io…

Medium

CVE-2026-25527

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static//` ro…