4 matches found
EUVD-2024-2872
Malicious code in bioql PyPI...
CVE-2024-32034
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting XSS attack in case an admin assigns a valuator to a proposal, or does any other action that generates an admi...
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Impact The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. Workarounds Disable the creation of meetings by participants in the meeting component. References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a...
GHSA-VVQW-FQWX-MQMM Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Impact The WYSWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. Patches N/A Workarounds Review the user accounts tha...