CVE-2024-34061

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published May 2, 2024

CWE ID 79

Summary

CVE-2024-34061 is a reflected XSS vulnerability affecting changedetection.io, a free open source web page change detection service. The issue lies in the lack of input validation for the notification_urls parameter, allowing attackers to inject malicious JavaScript code. This vulnerability can lead to unintended execution of attacker-supplied scripts. Version 0.45.22 addresses this issue and users are strongly advised to upgrade as soon as possible. Unfortunately, there are no known workarounds for this vulnerability other than upgrading to a patched version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vr_O2x
https://www.cve.org/CVERecord?id=CVE-2024-34061
https://nvd.nist.gov/vuln/detail/CVE-2024-34061

Back to Vulnerability Database

CVE-2024-34061

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations