CVE-2025-52558: 
Python vulnerability analysis and mitigation

changedetection.io, a free open source web page change detection and website monitoring service, was found to contain a cross-site scripting (XSS) vulnerability tracked as CVE-2025-52558. The vulnerability was discovered in June 2025 and affected all versions prior to 0.50.4. The issue stemmed from improper filtering of error texts generated by website page change detection watches (GitHub Advisory, NVD).

The vulnerability occurred in the watch overview functionality where error messages were not being properly sanitized before being displayed to users. The issue received a CVSS v4.0 base score of 7.0 (High) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N, indicating it was exploitable over the network with low attack complexity but requiring user interaction (GitHub Advisory).

The vulnerability could allow attackers to execute cross-site scripting (XSS) attacks through specially crafted error messages. This could potentially lead to unauthorized access to user data, session hijacking, or other client-side attacks. The CVSS metrics indicate low impact on confidentiality, no impact on integrity, but high impact on availability of the vulnerable system (Wiz).

The vulnerability has been patched in version 0.50.4 of changedetection.io. Users are advised to upgrade to this version or later to address the security issue. The fix involves proper implementation of error message filtering and sanitization (GitHub Commit).