changedetection.io <= 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction [已公开] id: CVE-2025-62780 info: name: ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API author: 0x_Akoko severity: medium description: | changedetection.io <= 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction impact: | Attackers can execute arbitrary JavaScript in users' browsers, potentially stealing data or performing actions on behalf of the user. remediation: | Update to version 0.50.34 or later. reference: - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4c3j-3h7v-22q9 - https://nvd.nist.gov/vuln/detail/CVE-2025-62780 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N cvss-score: 6.2 cve-id: CVE-2025-62780 epss-score: 0.00232 epss-percentile: 0.45691 cwe-id: CWE-79 metadata: max-request: 4 verified: tr

未知