16 matches found

CNNVD
added 2024/09/16 12:00 a.m. · 1 view

Decidim cross-site scripting vulnerability

Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.6 and earlier and 0.28.1 and earlier, which stems from a cross-site scripting attack in the administrator panel if an...

CVSS 6.8 · AI score 5.8 · EPSS 0.00567
Exploits 0 · References 6
Vulnrichment
added 2024/07/10 7:10 p.m. · 18 views

CVE-2024-32469 Decidim has cross-site scripting (XSS) in the pagination

Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter perpage. This vulnerability is fixed in 0.27.6 and 0.28.1...

CVSS 7.1 · AI score 5.9 · EPSS 0.00485
Exploits 0 · References 3
Cvelist
added 2024/07/10 7:10 p.m. · 18 views

CVE-2024-32469 Decidim has cross-site scripting (XSS) in the pagination

Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter perpage. This vulnerability is fixed in 0.27.6 and 0.28.1...

CVSS 7.1 · EPSS 0.00485
Exploits 0 · References 3
Cvelist
added 2024/07/10 7:07 p.m. · 21 views

CVE-2024-27095 Decidim cross-site scripting (XSS) in the admin panel

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1...

CVSS 5.4 · EPSS 0.0028
Exploits 0 · References 3
Vulnrichment
added 2024/07/10 7:07 p.m. · 16 views

CVE-2024-27095 Decidim cross-site scripting (XSS) in the admin panel

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1...

CVSS 5.4 · AI score 5.9 · EPSS 0.0028
Exploits 0 · References 3
Snyk
added 2024/07/10 3:10 p.m. · 1 view

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

CVSS 6.9 · AI score 6.9 · EPSS 0.00333
Exploits 0 · References 2
OSV
added 2024/07/10 3:10 p.m. · 13 views

GHSA-QCJ6-VXWX-4RQV Decidim vulnerable to data disclosure through the embed feature

Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches version 0.27.6...

CVSS 6.9 · AI score 5.1 · EPSS 0.00333
Exploits 0 · References 7
Snyk
added 2024/07/10 3:10 p.m. · 3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

CVSS 6.9 · AI score 6.9 · EPSS 0.00333
Exploits 0 · References 2
Github Security Blog
added 2024/07/10 3:10 p.m. · 33 views

Decidim vulnerable to data disclosure through the embed feature

Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches version 0.27.6...

CVSS 5.3 · AI score 6.8 · EPSS 0.00333
Exploits 0 · References 7 · Affected Software 1
Snyk
added 2024/07/10 3:10 p.m. · 1 view

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

CVSS 6.9 · AI score 6.9 · EPSS 0.00333
Exploits 0 · References 2
Snyk
added 2024/07/10 3:10 p.m. · 1 view

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

CVSS 6.9 · AI score 6.9 · EPSS 0.00333
Exploits 0 · References 2
Snyk
added 2024/07/10 3:10 p.m. · 1 view

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

CVSS 6.9 · AI score 6.9 · EPSS 0.00333
Exploits 0 · References 2
Snyk
added 2024/07/10 3:10 p.m. · 1 view

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

CVSS 6.9 · AI score 6.9 · EPSS 0.00333
Exploits 0 · References 2
Positive Technologies
added 2024/07/10 12:00 a.m. · 2 views

PT-2024-24596 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.6 Decidim versions prior to 0.28.1 Description: The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter per page. This issue was...

CVSS 7.1 · AI score 6.5 · EPSS 0.00485
Exploits 0 · References 14
Positive Technologies
added 2024/07/10 12:00 a.m. · 2 views

PT-2024-21646 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.6 Decidim versions prior to 0.28.1 Description: Decidim is a participatory democracy framework. The admin panel is subject to potential cross-site scripting XSS attack in case the attacker manages to modify some...

CVSS 6.8 · AI score 6.1 · EPSS 0.0028
Exploits 0 · References 15
RubySec
added 2024/07/10 12:00 a.m. · 47 views

Decidim vulnerable to data disclosure through the embed feature

Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches Version 0.27.6...

CVSS 5.3 · AI score 7 · EPSS 0.00333
Exploits 0 · References 1 · Affected Software 1