CVE-2025-62780: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dgtlmoon changedetection.io
changedetection.io is a free open source web page change detection tool. A stored cross-site scripting vulnerability is present in the changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker inserts a new watch with an arbitrary URL that really points to a web page; once the HTML content is retrieved, the attacker updates the URL with a JavaScript payload. In the second, an attacker substitutes the URL in an existing watch with a new URL that is in reality a JavaScript payload. When the user clicks on *Preview* and then on the malicious link, the malicious JavaScript code is executed. Version 0.50.34 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-62780 is a stored cross-site scripting vulnerability identified in the open-source web page change detection tool changedetection.io, specifically in versions prior to 0.50.34. The vulnerability stems from insufficient input validation and sanitization in the Watch update API, which allows an attacker with authenticated access to insert or modify watch URLs to include JavaScript payloads. There are two main exploitation scenarios: first, an attacker creates a new watch with an arbitrary URL that initially points to a legitimate web page, then updates the URL to a malicious JavaScript payload; second, an attacker modifies an existing watch's URL to a JavaScript payload. When a user with access previews the watch and clicks the malicious link, the embedded JavaScript executes in the user's browser context, potentially leading to session hijacking, credential theft, or other client-side attacks. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 3.5, reflecting low severity due to the requirement for authenticated access, user interaction, and the limited scope of impact (confidentiality and integrity only, no availability impact). The issue was publicly disclosed on November 10, 2025, and fixed in version 0.50.34. No known exploits in the wild have been reported to date. The vulnerability highlights the importance of robust input validation and output encoding in web applications, especially those that allow user-generated content or URL manipulation.
Potential Impact
For European organizations using changedetection.io, this vulnerability poses a risk primarily to users with authenticated access who can create or modify watches. Exploitation could lead to client-side script execution, enabling attackers to steal session tokens, perform actions on behalf of users, or conduct phishing attacks within the context of the affected application. Although the CVSS score is low, the impact on confidentiality and integrity can be significant if sensitive data or credentials are exposed. The vulnerability does not affect system availability but could undermine user trust and lead to further compromise if attackers leverage the XSS to escalate privileges or move laterally. Organizations relying on changedetection.io for monitoring critical web content should consider the risk of targeted attacks, especially in environments where multiple users have watch modification privileges. The threat is more pronounced in sectors with high-value targets such as finance, government, or critical infrastructure monitoring, where attackers might seek to exploit trust relationships or gain footholds via client-side attacks.
Mitigation Recommendations
To mitigate CVE-2025-62780, European organizations should immediately upgrade changedetection.io to version 0.50.34 or later, where the vulnerability is patched. Additionally, implement strict access controls to limit watch creation and modification privileges to trusted users only. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Conduct regular security audits and code reviews focusing on input validation and output encoding, especially for user-supplied data. Educate users about the risks of clicking untrusted links within the application interface. If upgrading is not immediately feasible, consider disabling the preview functionality or restricting it to a minimal set of trusted users. Monitor application logs for suspicious watch creation or modification activities that could indicate exploitation attempts. Finally, integrate web application firewalls (WAFs) that can detect and block XSS payloads targeting the application.
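As an added, defender-side example (not code from changedetection.io; the function names and the constructed URLs are assumptions), this is the scheme allowlist plus output escaping that the recommendations above describe, applied to a watch URL before it is stored and again before it is rendered as a preview link. It also handles the whitespace-in-scheme variants that browsers tolerate, so a check on the raw string alone cannot be sidestepped.

```python
"""Added example, not changedetection.io's own code: validate a watch URL
against an http(s) allowlist and escape it when building the preview link.
The root cause in CVE-2025-62780 is a URL field that reached an href without
its scheme being restricted, so a javascript: value became a clickable link."""
from urllib.parse import urlsplit
import html

# Only absolute web URLs make sense for a "watch"; everything else is refused.
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_watch_url(url: str) -> bool:
    """Return True only for absolute http(s) URLs that carry a host.

    Browsers drop tab/LF/CR anywhere in a URL and leading/trailing
    whitespace before parsing, so 'java\\tscript:' still runs as
    'javascript:'. Normalise the same way before checking so the
    result does not depend on which urllib version does this for us."""
    cleaned = url.translate({9: None, 10: None, 13: None}).strip()
    parts = urlsplit(cleaned)
    # scheme is compared case-insensitively; netloc must be non-empty
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_preview_link(url: str) -> str:
    """Build the anchor for the preview page (hypothetical helper).

    Anything that fails the allowlist is never turned into a link, and
    the value is HTML-escaped in both the attribute and the text node."""
    if not is_safe_watch_url(url):
        return '<span class="invalid-url">(invalid watch URL)</span>'
    escaped = html.escape(url, quote=True)
    return f'<a href="{escaped}">{escaped}</a>'


if __name__ == "__main__":
    # constructed sample inputs: two valid watches and several rejected forms
    for sample in ("https://example.com/news", "javascript:console.log('x')",
                   "  JavaScript:console.log('x')", "data:text/html,hi", "example.com"):
        print(f"{sample!r:40} -> {is_safe_watch_url(sample)}")
```

Apply the check server-side in the create and update paths; escaping at render time alone does not help here, because a syntactically valid `javascript:` URL survives HTML escaping unchanged.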
Affected Countries
Germany, United Kingdom, Netherlands, France, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-22T18:55:48.007Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69125a3d26655404d5684623
Added to database: 11/10/2025, 9:33:49 PM
Last enriched: 11/10/2025, 9:35:07 PM
Last updated: 11/10/2025, 11:36:13 PM