Community-powered
vulnerability scanning
Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.
16k+
Stars on Github
700+
Nuclei contributors
7k+
Templates created
50M+
Monthly scans
Put Nuclei
to work
Packed with helpful features for individual and professional users.
Web Applications
Identify common web vulnerabilities with an active library of community-powered templates.
Infrastructure
Audit server configurations, open ports, and services for security issues.
API Testing
Test APIs with an active library of known vulnerabilities and misconfigurations.
CI/CD
Integrates into CI/CD pipelines to minimize vulnerability resurface into production.
Cloud
Scan cloud environments and infrastructure for misconfigurations and vulnerabilities.
Database Assessment
Scan databases for vulnerabilities, insecure configurations, and access control issues.
AUTOMATION
Automate
checks
and compliance
Identify trending exploitable vulnerabilities.
1id: CVE-2024-34061
2info:
3 name: Changedetection.io <=v0.45.21 - Cross-Site Scripting
4 author: ritikchaddha
5 severity: medium
6 description: |
7 Changedetection.io is a free open source web page change detection,
8 website watcher, restock monitor and notification service.
9 In affected versions Input in parameter notification_urls is not processed
10 resulting in javascript execution in the application. A reflected XSS
11 vulnerability happens when the user input from
12 a URL or POST data is reflected on the page without being stored, thus allowing
13 the attacker to inject malicious content.
14 This issue has been addressed in version 0.45.22. Users are advised to upgrade.
15 There are no known workarounds for this vulnerability.
16 reference:
17 - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-pwgc-w4x9-gw67
18 - https://nvd.nist.gov/vuln/detail/CVE-2024-34061
19 classification:
20 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
21 cvss-score: 4.3
22 cve-id: CVE-2024-34061
23 cwe-id: CWE-79
Trusted by thousands
of developers
Learn, collaborate, and contribute with the community.
Bad Sector Labs
badsectorlabsThis is a tweet
STOK
stokfredrikThis is a tweet
Jason Haddix
JhaddixThis is a tweet
OnSecurity
WeAreOnSecurityThis is a tweet
Bishop Fox
bishopfoxThis is a tweet
Bishop Fox
bishopfoxThis is a tweet
Bad Sector Labs
badsectorlabsThis is a tweet
STOK
stokfredrikThis is a tweet
Jason Haddix
JhaddixThis is a tweet
OnSecurity
WeAreOnSecurityThis is a tweet
Bishop Fox
bishopfoxThis is a tweet
Bishop Fox
bishopfoxThis is a tweet