CVE-2024-41673
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...
CVE-2023-47635
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the...
Decidim security breach
Decidim is a participatory democracy framework, written in Ruby on Rails. A security vulnerability exists in Decidim 0.27.5 and earlier versions, which stems from the possibility of a cross-site scripting (XSS) attack on the admin panel if an attacker manages to modify some records being uploaded t...
CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the...