CVE-2025-52558 HIGH

CVE-2025-52558: ChangeDetection.io XSS in watch overview

Vendor Dgtlmoon
Product changedetection.io
Weakness CWE-79 · XSS
Published June 23, 2025
Last update June 24, 2025

CVSS base score

7.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting (XSS) vulnerability. This issue has been patched in version 0.50.4

Key dates

02Disclosure timeline

June 23, 2025 CVE published
June 24, 2025 Record updated