Changedetection Io
Monthly
Arbitrary local file disclosure in ChangeDetection.io versions before 0.54.7 allows authenticated attackers to read sensitive files from the server filesystem by exploiting incomplete XPath function blocklist. The vulnerability stems from unblocked XPath 3.0/3.1 functions like json-doc() that bypass SafeXPath3Parser protections. EPSS score of 0.05% indicates low likelihood of widespread exploitation. No public exploit identified at time of analysis, though the flaw was reported by VulnCheck with vendor patch released in version 0.54.7.
Arbitrary local file disclosure in ChangeDetection.io versions before 0.54.7 allows authenticated attackers to read sensitive files from the server filesystem by exploiting incomplete XPath function blocklist. The vulnerability stems from unblocked XPath 3.0/3.1 functions like json-doc() that bypass SafeXPath3Parser protections. EPSS score of 0.05% indicates low likelihood of widespread exploitation. No public exploit identified at time of analysis, though the flaw was reported by VulnCheck with vendor patch released in version 0.54.7.