Описание
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Impact
The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL.
Patches
Not available
Workarounds
Disable the creation of meetings by participants in the meeting component.
References
OWASP ASVS v4.0.3-5.1.3
Credits
This issue was discovered in a security audit organized by mitgestalten Partizipationsbüro against Decidim. The security audit was implemented by the Austrian Institute of Technology.
Пакеты
decidim-meetings
>= 0.28.0, < 0.28.3
0.28.3
Связанные уязвимости
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.