2 matches found
Cross-site scripting (XSS) in the dynamic file uploads
Impact: The dynamic file upload feature is subject to a potential XSS attack if the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Decidim Cross-Site Scripting Vulnerability
Decidim is a participatory democracy framework written in Ruby on Rails. Decidim versions 0.27.0 through 0.27.5 and 0.28.0 contain a cross-site scripting vulnerability in the dynamic file upload feature...