Description

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

Related CPE's

a

decidim

decidim

7

References

https://github.com/decidim/decidim/releases/tag/v0.27.6

Release Notes

https://github.com/decidim/decidim/releases/tag/v0.28.1

Release Notes

https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

[email protected]

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.8 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-07-10T19:15:10.407

3 months ago

Last modified

2024-08-30T12:57:40.090

1 month ago