CVE-2025-52558

HIGH

changedetection.io < 0.50.4 - Cross-Site Scripting via Filter Error Handling

Title source: llm

Description

changedetection.io is a free, open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered, resulting in a cross-site scripting (XSS) vulnerability. This issue has been patched in version 0.50.4.

Scores

CVSS v4 7.0
EPSS 0.0052
EPSS Percentile 40.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
dgtlmoon/changedetection.io < 0.50.4
pypi/changedetection.io 0 - 0.50.4 (PyPI)
Published Jun 23, 2025
Tracked Since Feb 18, 2026