CVE-2025-52558 is a high-severity cross-site scripting (XSS) vulnerability affecting versions of changedetection.io prior to 0.50.4. changedetection.io is an open-source web page change detection and notification service used to monitor website content changes, restock availability, and other page updates. The vulnerability arises from improper neutralization of input during web page generation, specifically in the handling of errors in filters applied to website page change detection watches. Prior to patching, these error messages were not properly sanitized, allowing malicious actors to inject and execute arbitrary JavaScript code within the context of the application. This XSS flaw does not require authentication (AT:N) but does require user interaction (UI:A), such as a user viewing a crafted page or error message. The vulnerability has a CVSS 4.0 base score of 7.0, indicating a high severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), and no privileges required (PR:N). The impact primarily affects the confidentiality and integrity of the application (VA:H), with limited impact on availability (VC:L) and no impact on integrity or availability of the system itself. The vulnerability was patched in version 0.50.4 of changedetection.io. There are no known exploits in the wild at the time of publication. The root cause is classified under CWE-79, which involves improper neutralization of input during web page generation, a common vector for XSS attacks. This vulnerability could allow attackers to execute malicious scripts in the browsers of users interacting with the vulnerable changedetection.io instance, potentially leading to session hijacking, credential theft, or unauthorized actions within the application context.

For European organizations using changedetection.io versions prior to 0.50.4, this vulnerability poses a significant risk to the confidentiality and integrity of user data and session information. Since changedetection.io is often used to monitor critical web resources such as restock notifications or website changes, exploitation could lead to unauthorized disclosure of sensitive information or manipulation of monitoring results. The XSS vulnerability could be leveraged to perform phishing attacks, steal authentication tokens, or inject malicious payloads targeting users within the organization. Given that no authentication is required to exploit the vulnerability, any user or external attacker who can induce a user to interact with a crafted error message or manipulated filter could trigger the attack. This risk is heightened in environments where changedetection.io is integrated with internal tools or dashboards, potentially exposing internal users to malicious scripts. The impact on availability is limited, but the potential for data compromise and unauthorized actions makes this a high-risk vulnerability. Additionally, organizations relying on changedetection.io for compliance monitoring or critical alerting could face operational disruptions if attackers manipulate the monitoring data.

1. Immediate upgrade to changedetection.io version 0.50.4 or later to apply the official patch addressing the XSS vulnerability. 2. Implement strict Content Security Policy (CSP) headers on the changedetection.io deployment to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 3. Sanitize and validate all user-supplied inputs and error messages at the application level, even beyond the official patch, to ensure no residual injection vectors remain. 4. Restrict access to the changedetection.io interface to trusted users and networks using network segmentation and access controls, minimizing exposure to external attackers. 5. Monitor application logs and user activity for unusual patterns indicative of XSS exploitation attempts, such as unexpected script execution or anomalous filter inputs. 6. Educate users on the risks of interacting with suspicious links or error messages within the changedetection.io interface. 7. If feasible, deploy web application firewalls (WAF) with rules tuned to detect and block XSS payloads targeting changedetection.io. 8. Regularly audit and update all third-party dependencies and open-source components to ensure timely application of security patches.