Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.9 views

CVE-2023-36465

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in t...

9.1CVSS6.7AI score0.00541EPSS
Exploits0
NVD
NVD
added 2024/07/10 7:15 p.m.50 views

CVE-2024-27090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/10 6:25 p.m.67 views

CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
OSV
OSV
added 2024/07/10 6:25 p.m.33 views

CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS6.5AI score0.00492EPSS
Exploits0References6
NVD
NVD
added 2023/10/06 12:15 p.m.31 views

CVE-2023-36465

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in t...

9.1CVSS9.2AI score0.00541EPSS
Exploits0References3
Prion
Prion
added 2023/10/06 12:15 p.m.23 views

Security feature bypass

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in t...

5.5CVSS6.8AI score0.00541EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/06 11:56 a.m.25 views

CVE-2023-36465 Decidim has broken access control in templates

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in t...

9.1CVSS7.2AI score0.00541EPSS
Exploits0References5
Prion
Prion
added 2023/07/11 6:15 p.m.16 views

Cross site scripting

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

5.8CVSS6.1AI score0.00816EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/11 5:36 p.m.41 views

CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...

8.1CVSS8.1AI score0.00736EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/11 5:29 p.m.39 views

CVE-2023-34090 Decidim vulnerable to sensitive data disclosure

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...

7.5CVSS7.7AI score0.0125EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/11 5:19 p.m.34 views

CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

8.1CVSS7.9AI score0.00816EPSS
Exploits0References3
Rows per page
Query Builder