Published: 01 Oct 2024
Source: github
Github: Reviewed
CVSS4: 7.1
CVSS3: 7.1
Description
Decidim has a cross-site scripting vulnerability in the version control page
Impact
The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL.
Workarounds
Not available
References
OWASP ASVS v4.0.3-5.1.3
Credits
This issue was discovered in a security audit organized by Open Source Politics against Decidim done during July 2025.
Packages
Name: decidim (rubygems)
Affected versions: <= 0.27.7
Fixed version: 0.27.8
Related vulnerabilities
CVSS3: 7.1
nvd
more than 1 year ago
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.