CVE-2026-29038
- Source
- https://cve.org/CVERecord?id=CVE-2026-29038
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29038.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-29038
- Aliases
- Published
- 2026-03-06T06:53:56.959Z
- Modified
- 2026-04-10T05:41:26.908880Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- changedetection.io: Reflected XSS in RSS Tag Error Response
- Details
-
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The tag_uuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser parses and executes injected JavaScript. This issue has been patched in version 0.54.4.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29038.json" }- References
-
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29038.json
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8whx-v8qq-pq64
- https://nvd.nist.gov/vuln/detail/CVE-2026-29038
- https://github.com/dgtlmoon/changedetection.io/commit/ec7d56f85d1e9690fca7cb4711c1fb20dffec780
Affected packages
Git / github.com/dgtlmoon/changedetection.io
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dgtlmoon/changedetection.io
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1
0.11
0.12
0.2
0.21
0.22
0.23
0.24
0.25
0.26
0.27
0.28
0.29
0.30
0.31
0.32
0.33
0.34
0.35
0.37
0.38
0.38.1
0.38.2
0.39
0.39.1
0.39.10
0.39.11
0.39.12
0.39.13
0.39.13.1
0.39.14
0.39.15
0.39.16
0.39.17
0.39.17.1
0.39.17.2
0.39.18
0.39.19
0.39.19.1
0.39.2
0.39.20
0.39.20.1
0.39.20.2
0.39.20.3
0.39.20.4
0.39.21
0.39.21.1
0.39.22
0.39.22.1
0.39.3
0.39.4
0.39.5
0.39.6
0.39.7
0.39.8
0.39.9
0.40.0
0.40.0.2
0.40.0.3
0.40.0.4
0.40.1.0
0.40.1.1
0.40.2
0.40.3
0.41
0.41.1
0.42
0.42.1
0.42.2
0.42.3
0.43
0.43.1
0.43.2
0.44
0.44.1
0.44.2
0.45
0.45.1
0.45.10
0.45.12
0.45.13
0.45.14
0.45.15
0.45.16
0.45.17
0.45.18
0.45.19
0.45.2
0.45.20
0.45.21
0.45.22
0.45.23
0.45.24
0.45.25
0.45.26
0.45.3
0.45.4
0.45.5
0.45.6
0.45.7
0.45.7.1
0.45.7.2
0.45.7.3
0.45.8
0.45.8.1
0.45.9
0.46.00
0.46.01
0.46.02
0.46.03
0.46.04
0.47.00
0.47.01
0.47.03
0.47.04
0.47.05
0.47.06
0.48.00
0.48.01
0.48.03
0.48.04
0.48.05
0.48.06
0.49.0
0.49.1
0.49.10
0.49.11
0.49.12
0.49.13
0.49.14
0.49.15
0.49.16
0.49.17
0.49.18
0.49.2
0.49.3
0.49.4
0.49.5
0.49.6
0.49.7
0.49.8
0.49.9
0.50.01
0.50.1
0.50.10
0.50.11
0.50.12
0.50.13
0.50.14
0.50.15
0.50.16
0.50.17
0.50.18
0.50.19
0.50.2
0.50.20
0.50.21
0.50.22
0.50.23
0.50.24
0.50.25
0.50.26
0.50.27
0.50.28
0.50.29
0.50.3
0.50.30
0.50.31
0.50.32
0.50.33
0.50.34
0.50.35
0.50.37
0.50.38
0.50.39
0.50.4
0.50.40
0.50.41
0.50.42
0.50.43
0.50.5
0.50.6
0.50.7
0.50.8
0.50.9
0.51.00
0.51.01
0.51.1
0.51.2
0.51.3
0.51.4
0.52.1
0.52.2
0.52.3
0.52.4
0.52.5
0.52.7
0.52.8
0.52.9
0.53.1
0.53.2
0.53.3
0.53.4
0.53.5
0.53.6
0.53.7
0.54.1
0.54.2
0.54.3