VulnerableCode Package Details - pkg:pypi/changedetection.io@0.53.7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/changedetection.io@0.53.7

Essentials
History (1)

purl	pkg:pypi/changedetection.io@0.53.7

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-rtc8-dk2w-sqcm	changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response Three security vulnerabilities were identified in [changedetection.io](http://changedetection.io/) through source code review and live validation against a locally deployed Docker instance. All vulnerabilities were confirmed exploitable on the latest version (0.53.6) it was additionally validated at scale against 500 internet-facing instances discovered via FOFA search engine, producing 5K+ confirmed detections using a custom Nuclei template, demonstrating widespread real-world impact. The RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser parses and executes injected JavaScript.	CVE-2026-27645 GHSA-mw8m-398g-h89w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:50:52.248894+00:00	GitLab Importer	Fixing	VCID-rtc8-dk2w-sqcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/changedetection.io/CVE-2026-27645.yml	38.6.0