CVE-2025-52558

HIGH

PyPI changedetection.io < 0.50.4 - XSS

Title source: rule

Description

changedetection.io is a free, open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered, resulting in a cross-site scripting (XSS) vulnerability. This issue has been patched in version 0.50.4.

Scores

CVSS v4 7.0
EPSS 0.0013
EPSS Percentile 32.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
dgtlmoon/changedetection.io < 0.50.4
pypi/changedetection.io 0 - 0.50.4 (PyPI)
Published Jun 23, 2025
Tracked Since Feb 18, 2026