Homepage
About Snyk

changedetection.io@0.45.21 vulnerabilities

Website change detection and monitoring service, detect changes to web pages and send alerts/notifications.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the changedetection.io package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-Site Scripting (XSS)

changedetection.io is a Website change detection and monitoring service

Affected versions of this package are vulnerable to Cross-Site Scripting (XSS) due to improper sanitization of user input in the notification_urls parameter. An attacker can inject malicious scripts into the web page, which are executed in the context of the user's browser session when the malicious URL is visited, or malicious POST data is submitted.

How to fix Cross-Site Scripting (XSS)?

Upgrade changedetection.io to version 0.45.22 or higher.

[,0.45.22)
Go back to all versions of this package