CVE-2025-62780: changedetection.io: Stored XSS in Watch update via API
A stored cross-site scripting (XSS) vulnerability is present in the changedetection.io Watch update API due to insufficient security checks.
References
- github.com/advisories/GHSA-4c3j-3h7v-22q9
- github.com/dgtlmoon/changedetection.io
- github.com/dgtlmoon/changedetection.io/issues/3562
- github.com/dgtlmoon/changedetection.io/pull/3564
- github.com/dgtlmoon/changedetection.io/releases/tag/0.50.34
- github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9
- nvd.nist.gov/vuln/detail/CVE-2025-62780