Lucene search
K

4 matches found

NVD
NVD
added 2024/10/01 3:15 p.m.45 views

CVE-2024-41673

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

7.1CVSS0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/10 6:25 p.m.67 views

CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
Prion
Prion
added 2024/02/20 6:15 p.m.18 views

Cross site request forgery (csrf)

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the...

2.8CVSS7.3AI score0.00313EPSS
Exploits0References8
OSV
OSV
added 2023/10/06 11:56 a.m.24 views

CVE-2023-36465 Decidim has broken access control in templates

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in t...

9.1CVSS7.2AI score0.00541EPSS
Exploits0References5
Rows per page
Query Builder