Description

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

Related CPE's

a

decidim

decidim

7

References

https://github.com/decidim/decidim/releases/tag/v0.27.6

Release Notes

https://github.com/decidim/decidim/releases/tag/v0.28.1

Release Notes

https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3

Third Party Advisory

https://github.com/decidim/decidim/releases/tag/v0.27.6

Release Notes

https://github.com/decidim/decidim/releases/tag/v0.28.1

Release Notes

https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-79

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

5.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-07-10T17:15:10.407Z

1 year ago

Last modified

2024-11-21T08:03:50.910Z

1 year ago