PT-2023-24662 · Decidim · Decidim

🗓️ 11 Jul 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 2 Views

Decidim versions before 0.26.7 and 0.27.3 have cross-site scripting in the processes filter.

Reporter	Title	Published	Views	Family All 16
CNNVD	Decidim 跨站脚本漏洞	11 Jul 202300:00	–	cnnvd
CVE	CVE-2023-34089	11 Jul 202317:36	–	cve
Cvelist	CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter	11 Jul 202317:36	–	cvelist
EUVD	EUVD-2023-1963	3 Oct 202520:07	–	euvd
Github Security Blog	Decidim Cross-site Scripting vulnerability in the processes filter	11 Jul 202322:46	–	github
NVD	CVE-2023-34089	11 Jul 202318:15	–	nvd
OSV	CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter	11 Jul 202317:36	–	osv
OSV	GHSA-5652-92R9-3FX9 Decidim Cross-site Scripting vulnerability in the processes filter	11 Jul 202322:46	–	osv
Prion	Cross site scripting	11 Jul 202318:15	–	prion
RedhatCVE	CVE-2023-34089	23 May 202505:22	–	redhatcve

Source	Link
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2023-34089.yml
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-34089.yml
osv	www.osv.dev/vulnerability/GHSA-5652-92r9-3fx9
osv	www.osv.dev/vulnerability/CVE-2023-34089
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-34089
github	www.github.com/decidim/decidim/releases/tag/v0.27.3
github	www.github.com/decidim/decidim/releases/tag/v0.26.7
github	www.github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9
github	www.github.com/decidim/decidim
github	www.github.com/decidim/decidim/releases/tag/v0.26.6

21 Jul 2023 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.1 - 8.1

EPSS0.00146

SSVC

Decidim versions Cross site scripting Processes filter Version 0.26.7 Version 0.27.3