Home > Vulnerability Database > CVE-2025-52558

Mend.io Vulnerability Database

CVE-2025-52558

Good to know:

Date: June 23, 2025

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting (XSS) vulnerability. This issue has been patched in version 0.50.4

Severity Score

7.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-52558

Url: https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hwpg-x5hw-vpv9

Url: https://github.com/dgtlmoon/changedetection.io

Url: https://github.com/dgtlmoon/changedetection.io/commit/3d5a544ea674cfce517adcd498877a8d760d0931

Url: https://www.mend.io/vulnerability-database/CVE-2025-52558

Severity Score

7.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version changedetection.io - 0.50.4;changedetection.io - 0.50.4;changedetection-io - 0.50.4;https://github.com/dgtlmoon/changedetection.io.git - 0.50.4

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-52558

Good to know:

Date: June 23, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?