Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-34061 PoC — changedetection.io 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-34061.yaml
Associated Vulnerability
Title:changedetection.io 安全漏洞 (CVE-2024-34061)
Description:changedetection.io是dgtlmoon个人开发者的一个网站变更检测、监控和通知应用程序。 ChangeDetection.io 0.45.22之前版本存在安全漏洞,该漏洞源于存在反射型跨站脚本漏洞,允许攻击者注入恶意JavaScript内容。
Description
Changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.
File Snapshot

 id: CVE-2024-34061

info:
  name: Changedetection.io <=v0.45.21 - Cross-Site Scripting
  author: rit

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.