35 matches found
EUVD-2024-0744
Malicious code in bioql PyPI...
EUVD-2024-2253
Malicious code in bioql PyPI...
EUVD-2023-1946
Malicious code in bioql PyPI...
EUVD-2024-3017
Malicious code in bioql PyPI...
CVE-2024-45594 Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0...
CVE-2024-45594
CVE-2024-45594 affects the Decidim framework, specifically the online/hybrid meeting embeds feature. A cross-site scripting (XSS) flaw can be triggered via a malformed URL in the meeting embeds code. The vulnerability is fixed in Decidim releases 0.28.3 and 0.29.0. If you use decidim-meetings, up...
CVE-2024-41673
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...
CVE-2024-41673
CVE-2024-41673 affects the Decidim framework; a cross-site scripting (XSS) vulnerability exists in the version-control feature used for resources. The issue is observable across multiple Decidim components referenced in connected docs (e.g., decidim-debates, decidim-initiatives, decidim-proposals...
CVE-2024-41673 Decidim has a cross-site scripting vulnerability in the version control page
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...
CVE-2024-32034
Summary: CVE-2024-32034 is a cross-site scripting (XSS) vulnerability in the Decidim admin activity log when an admin assigns a valuator to a proposal or performs an action that creates an admin log with an XSS payload. Affected versions: Decidim before 0.27.7 and before 0.28.2 (with fixes in 0.2...
CVE-2024-27095
Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1...
CVE-2024-27090
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...
CVE-2024-32469
Decidim core/package suffers an XSS vulnerability in pagination via the GET parameter per_page. Affected versions include older Decidim releases; the issue is mitigated by upgrading to at least 0.27.6 or 0.28.1 (or higher). Public docs from Red Hat, GitHub advisories, and CVE references confirm t...
CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...
CVE-2024-27090
CVE-2024-27090 affects the Decidim framework (Ruby on Rails). A vulnerability exists where an attacker who can infer the slug or URL of an unpublished/private resource that is embeddable (e.g., a Participatory Process, Assembly, Proposal, Result) could access data from that resource. The issue is...
CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...
CVE-2023-47634
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources for instance, a proposal allows a user to make more than once endorsement. To exploit this vulnerability, the request to se...
CVE-2023-48220
Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the deviseinvitable gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable...
CVE-2023-51447
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...
Cross site request forgery (csrf)
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the...