PT-2025-46200 · Unknown · Changedetection.Io

Edoardottt · Published 2025-11-10 · Updated 2026-02-25 · CVE-2025-62780

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

changedetection.io versions prior to 0.50.34

Description

A stored cross-site scripting (XSS) issue exists in changedetection.io's Watch update API due to inadequate security checks. An attacker can insert a new watch with a URL pointing to a web page, then modify the URL to include a JavaScript payload. Alternatively, an attacker can replace the URL in an existing watch with a JavaScript payload. When a user previews the malicious link, the JavaScript code is executed. This impacts the application's ability to securely handle user-provided URLs.

Recommendations

Update to version 0.50.34 or later.
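
The pattern in the description, where a URL is changed through an update path that does not validate it, can be modelled with one shared scheme check applied on create, on update, and again when the preview link is rendered. This is an added example, not changedetection.io's code: `WatchStore`, `is_safe_watch_url`, the http/https allow-list and the sample URLs are all constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: allow-list chosen for this sketch


def is_safe_watch_url(url) -> bool:
    """True only for absolute http(s) URLs that name a host."""
    if not isinstance(url, str) or url != url.strip():
        return False
    # Browsers drop tabs/newlines inside URLs, so "java\tscript:" must not pass.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


class WatchStore:
    """Hypothetical in-memory stand-in for a watch API (not the project's class)."""

    def __init__(self):
        self._watches, self._next_id = {}, 1

    def create(self, url):
        if not is_safe_watch_url(url):
            raise ValueError("rejected URL")
        wid, self._next_id = self._next_id, self._next_id + 1
        self._watches[wid] = {"url": url}
        return wid

    def update_unchecked(self, wid, fields):
        # Weak form: the update path skips the check that create() performs.
        self._watches[wid].update(fields)

    def update(self, wid, fields):
        # Hardened form: any field that ends up in a link gets the same check.
        if "url" in fields and not is_safe_watch_url(fields["url"]):
            raise ValueError("rejected URL")
        self._watches[wid].update(fields)

    def preview_href(self, wid):
        # Defence in depth: records stored before the fix may already be bad,
        # so re-validate at render time and fall back to an inert link.
        url = self._watches[wid]["url"]
        return url if is_safe_watch_url(url) else "#"
```

Re-checking in `preview_href` matters after upgrading, because a value written before the update check existed stays in storage until it is overwritten.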

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-62780
GHSA-4C3J-3H7V-22Q9
PYSEC-2025-91

Affected Products

Changedetection.Io