← Back

CVE-2024-27095

nvd nist
Published: Jul 10, 2024Modified: Nov 21, 2024

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD

Description

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

Affected (7)

Products: Decidim: Decidim
Decidim
1 product
Decidim
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Decidim
Decidim
Before 0.27.6
Decidim
Version 0.28.0
Decidim
Version 0.28.0 rc1
Decidim
Version 0.28.0 rc2
Decidim
Version 0.28.0 rc3
Decidim
Version 0.28.0 rc4
Decidim
Version 0.28.0 rc5

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.