CVE-2024-27095

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:-:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc3:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc4:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc5:*:*:*:ruby:*:*

History

21 Nov 2024, 09:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.8
v2 : unknown
v3 : 5.4
References () https://github.com/decidim/decidim/releases/tag/v0.27.6 - Release Notes () https://github.com/decidim/decidim/releases/tag/v0.27.6 - Release Notes
References () https://github.com/decidim/decidim/releases/tag/v0.28.1 - Release Notes () https://github.com/decidim/decidim/releases/tag/v0.28.1 - Release Notes
References () https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3 - Third Party Advisory () https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3 - Third Party Advisory

30 Aug 2024, 12:57

Type Values Removed Values Added
CPE cpe:2.3:a:decidim:decidim:0.28.0:rc4:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc3:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc5:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:-:*:*:*:ruby:*:*
cpe:2.3:a:decidim:decidim:0.28.0:rc2:*:*:*:ruby:*:*
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 4.8
First Time Decidim decidim
Decidim
References () https://github.com/decidim/decidim/releases/tag/v0.27.6 - () https://github.com/decidim/decidim/releases/tag/v0.27.6 - Release Notes
References () https://github.com/decidim/decidim/releases/tag/v0.28.1 - () https://github.com/decidim/decidim/releases/tag/v0.28.1 - Release Notes
References () https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3 - () https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3 - Third Party Advisory

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Decidim es un framework de democracia participativa. El panel de administración está sujeto a un posible adjunto XSS en caso de que el atacante logre modificar algunos registros que se cargan en el servidor. Esta vulnerabilidad se solucionó en 0.27.6 y 0.28.1.

10 Jul 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-10 19:15

Updated : 2024-11-21 09:03


NVD link : CVE-2024-27095

Mitre link : CVE-2024-27095

CVE.ORG link : CVE-2024-27095


JSON object : View

Products Affected

decidim

  • decidim
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')