2 matches found
CVE-2023-51447
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...
CVE-2023-51447
Decidim core is affected by a Cross-site Scripting (XSS) in the dynamic file upload feature. Affected versions are 0.27.0 up to but not including 0.27.5 and 0.28.0. The vulnerability arises when an attacker can modify the file names in the records uploaded to the server, exploiting the dynamic up...