11 matches found
Decidim 跨站脚本漏洞
Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.6 and earlier and 0.28.1 and earlier, which stems from a cross-site scripting attack in the administrator panel if an...
CVE-2024-32469 Decidim has cross-site scripting (XSS) in the pagination
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter perpage. This vulnerability is fixed in 0.27.6 and 0.28.1...
CVE-2024-27095 Decidim cross-site scripting (XSS) in the admin panel
Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1...
Decidim vulnerable to data disclosure through the embed feature
Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches version 0.27.6...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
GHSA-QCJ6-VXWX-4RQV Decidim vulnerable to data disclosure through the embed feature
Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches version 0.27.6...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
Decidim vulnerable to data disclosure through the embed feature
Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches Version 0.27.6...