CVE-2024-34061: changedetection.io Cross-site Scripting vulnerability
Input in parameter notification_urls is not processed resulting in javascript execution in the application
References
- github.com/advisories/GHSA-pwgc-w4x9-gw67
- github.com/dgtlmoon/changedetection.io
- github.com/dgtlmoon/changedetection.io/blob/0.45.21/changedetectionio/forms.py
- github.com/dgtlmoon/changedetection.io/commit/c0f000b1d1ce03733460805dbbedde445fe2c762
- github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-pwgc-w4x9-gw67
- nvd.nist.gov/vuln/detail/CVE-2024-34061
Detect and mitigate CVE-2024-34061 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →