CVE-2026-27645 Scanner

Changedetection.io is a popular tool used across various domains to track changes to web pages. Businesses, developers, and individuals utilize it to monitor updates on sites they follow, facilitating timely actions based on these updates. It offers functionality to receive alerts via different channels, including RSS feeds. This software is favored for its ease of integration, flexibility, and capability to handle multiple websites or pages simultaneously. While predominantly used for monitoring, its usage extends to applications such as website maintenance checks, SEO tracking, and competitive intelligence collections. Users appreciate its ability to streamline monitoring tasks by alerting them immediately to changes of interest.

Cross-Site Scripting (XSS) is a prevalent vulnerability found in many web applications allowing attackers to execute arbitrary JavaScript in the user's browser. This vulnerability can jeopardize user data by executing malicious scripts. Exploit of such a vulnerability could lead to session hijacking, unauthorized actions, or data theft when users are tricked into visiting crafted URLs. It's critical because even with low user interaction, the risks associated with XSS can scale with the severity of the resulting client-side execution. Effective mitigation involves careful validation and escaping of user input to prevent script execution.

The vulnerability in changedetection.io is located in the reflection of the UUID path parameter in the RSS single-watch endpoint. Attackers exploit this by embedding malicious scripts within URLs to deceive a user into executing these scripts. The primary vulnerability endpoint at risk is the RSS function, which does not sanitize the input reflecting alongside execution contexts. Proper sanitization and escaping of these parameters is crucial in preventing arbitrary script execution through this channel. This particular vulnerability was identified in versions preceding 0.54.1, where the absence of proper input validation facilitates this exploit.

When exploited, this Cross-Site Scripting vulnerability can lead to significant user account compromises or unauthorized actions executed within the context of a user's session. Attackers can impersonate users, access sensitive information, or engage in actions that comprise client-side security and integrity. It's imperative for application administrators to recognize the severe implications of this vulnerability, prioritizing updates and patches to mitigate potential security breaches. This issue highlights the importance of robust security practices around input validation and output encoding preventing client-side compromises.

REFERENCES

• https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w
• https://github.com/dgtlmoon/changedetection.io/commit/a385c89abf44b52fcfa20c7c6a6dd3047c4c1eb5
• https://nvd.nist.gov/vuln/detail/CVE-2026-27645