Security Advisory

CVE-2026-27645

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-25 04:06:58

Last updated 2026-02-25 14:55:58

Assigner GitHub_M

State PUBLISHED

Description

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser parses and executes injected JavaScript. Version 0.54.1 contains a fix for the issue.

← Browse all CVEs View on cve.org ↗