CVE-2023-24769

Name of the Vulnerable Software and Affected Versions Changedetection.io versions prior to 0.40.1.1

Description The issue is related to a stored cross-site scripting (XSS) vulnerability in the main page of Changedetection.io. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.

Recommendations For versions prior to 0.40.1.1, update to version 0.40.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Add a new change detection watch" function to minimize the risk of exploitation. Avoid using the URL parameter in the affected function until the issue is resolved.