9 matches found
EUVD-2024-0624
Malicious code in bioql PyPI...
CVE-2023-47635
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the...
GHSA-F3QM-VFC3-JG6V Possible CSRF attack at questionnaire templates preview
Impact: The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnairetemplatescontroller.rbL11 This was...
Possible CSRF attack at questionnaire templates preview
Impact: The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnairetemplatescontroller.rbL11 This was...
CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the...
PT-2024-13465 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions 0.23.0 through 0.27.4; Decidim versions 0.28.0 before the fix. Description: Decidim is a participatory democracy framework. The CSRF authenticity token check is disabled for the questionnaire templates preview, which may allow...
Decidim security breach
Decidim is a participatory democracy framework written in Ruby on Rails. A security vulnerability exists in Decidim versions 0.23.0 through 0.27.4, which stems from a possible cross-site request forgery attack in the questionnaire templates preview...
Possible CSRF attack at questionnaire templates preview
Impact: The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnairetemplatescontroller.rbL11 This was...
SAQ Enables Users to Pick and Choose Questions for Custom Templates
Qualys Security Assessment Questionnaire (SAQ) has been enhanced with new features for questionnaire templates, which enable customers to choose questions that they want to include in their campaigns. The new Question Bank option in the SAQ Template Editor provides users with a repository of...