PT-2023-23967 · Decidim · Decidim

🗓️ 11 Jul 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity🔗 dbugs.ptsecurity.com👁 3 Views

Decidim external link vulnerability enables cross site scripting in a logged in user and may cause unintended endorsements; affects versions before 0.26.7 and before 0.27.3.

Reporter	Title	Published	Views	Family All 17
Circl	CVE-2023-32693	11 Jul 202322:35	–	circl
CNNVD	Decidim 跨站脚本漏洞	11 Jul 202300:00	–	cnnvd
CVE	CVE-2023-32693	11 Jul 202317:19	–	cve
Cvelist	CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections	11 Jul 202317:19	–	cvelist
EUVD	EUVD-2023-1946	3 Oct 202520:07	–	euvd
Github Security Blog	Decidim Cross-site Scripting vulnerability in the external link redirections	11 Jul 202322:47	–	github
NVD	CVE-2023-32693	11 Jul 202318:15	–	nvd
OSV	CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections	11 Jul 202317:19	–	osv
OSV	GHSA-469H-MQG8-535R Decidim Cross-site Scripting vulnerability in the external link redirections	11 Jul 202322:47	–	osv
Prion	Cross site scripting	11 Jul 202318:15	–	prion

Source	Link
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2023-32693.yml
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-32693.yml
osv	www.osv.dev/vulnerability/CVE-2023-32693
osv	www.osv.dev/vulnerability/GHSA-469h-mqg8-535r
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-32693
github	www.github.com/decidim/decidim/releases/tag/v0.27.3
github	www.github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r
github	www.github.com/decidim/decidim/releases/tag/v0.26.7
github	www.github.com/decidim/decidim
t	www.t.me/cibsecurity/66424

21 Jul 2023 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.1 - 8.1

EPSS0.00227

SSVC