CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview

🗓️ 20 Feb 2024 16:45:39Reported by GoogleType

osv

osv🔗 osv.dev👁 6 Views

Decidim CSRF token issue in versions 0.23.0 to 0.27.5 and 0.28.0, fixed in later versions.

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2023-47635	20 Feb 202419:27	–	circl
CNNVD	Decidim security breach	20 Feb 202400:00	–	cnnvd
CVE	CVE-2023-47635	20 Feb 202416:45	–	cve
Cvelist	CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview	20 Feb 202416:45	–	cvelist
EUVD	EUVD-2024-0624	3 Oct 202520:07	–	euvd
Github Security Blog	Possible CSRF attack at questionnaire templates preview	20 Feb 202418:03	–	github
NVD	CVE-2023-47635	20 Feb 202418:15	–	nvd
OSV	GHSA-F3QM-VFC3-JG6V Possible CSRF attack at questionnaire templates preview	20 Feb 202418:03	–	osv
Prion	Cross site request forgery (csrf)	20 Feb 202418:15	–	prion
Positive Technologies	PT-2024-13465 · Decidim · Decidim	20 Feb 202400:00	–	ptsecurity

Source	Link
github	www.github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb
github	www.github.com/decidim/decidim/releases/tag/v0.27.5
github	www.github.com/decidim/decidim/releases/tag/v0.28.0
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2023/47xxx/CVE-2023-47635.json
github	www.github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-47635
github	www.github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660
github	www.github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac
github	www.github.com/decidim/decidim/pull/11743
github	www.github.com/decidim/decidim/pull/6247

10 Apr 2026 05:04Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.14.5

EPSS0.00105

cve 2023 47635 decidim security csrf token version vulnerabilities information access software fix