Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-nu9c-cnr2-h7aq
Vulnerability ID VCID-nu9c-cnr2-h7aq
Aliases CVE-2023-24769
GHSA-68wj-c2jw-5pp9
PYSEC-2023-10
Summary Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/dgtlmoon/changedetection.io
https://github.com/dgtlmoon/changedetection.io/issues/1358
https://github.com/dgtlmoon/changedetection.io/pull/1359
https://github.com/pypa/advisory-database/tree/main/vulns/changedetection-io/PYSEC-2023-10.yaml
https://www.youtube.com/watch?v=TRTpRlkU3Hc
CVE-2023-24769 https://nvd.nist.gov/vuln/detail/CVE-2023-24769
CVE-2023-24769 https://www.edoardoottavianelli.it/CVE-2023-24769
GHSA-68wj-c2jw-5pp9 https://github.com/advisories/GHSA-68wj-c2jw-5pp9
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:18:20.493038+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/changedetection-io/PYSEC-2023-10.yaml 38.6.0