PT-2024-24369 · Decidim · Decidim

🗓️ 16 Sep 2024 00:00:00Reported by Positive TechnologiesType

Decidim admin panel XSS when assigning valuator or logging actions; upgrade versions or redirect admin pages.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-32034	16 Sep 202422:03	–	circl
CNNVD	Decidim 跨站脚本漏洞	16 Sep 202400:00	–	cnnvd
CVE	CVE-2024-32034	16 Sep 202418:38	–	cve
Cvelist	CVE-2024-32034 Cross-site scripting (XSS) in the decidim admin activity log	16 Sep 202418:38	–	cvelist
EUVD	EUVD-2024-2872	3 Oct 202520:07	–	euvd
Github Security Blog	Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log	16 Sep 202417:17	–	github
NVD	CVE-2024-32034	16 Sep 202419:16	–	nvd
OSV	CVE-2024-32034 Cross-site scripting (XSS) in the decidim admin activity log	16 Sep 202418:38	–	osv
OSV	GHSA-RX9F-5GGV-5RH6 Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log	16 Sep 202417:17	–	osv
RedhatCVE	CVE-2024-32034	23 May 202510:34	–	redhatcve

Source	Link
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
github	www.github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
github	www.github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
github	www.github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
github	www.github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
github	www.github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
osv	www.osv.dev/vulnerability/CVE-2024-32034
osv	www.osv.dev/vulnerability/GHSA-rx9f-5ggv-5rh6
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-32034
github	www.github.com/decidim/decidim

29 Sep 2024 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.14.8 - 6.8

EPSS0.00567

SSVC