Decidim Security Vulnerabilities and Issues — Decidim CVE List

Lucene search

DecidimDecidim

3 matches found

CVE•added 2024/07/10 7:15 p.m.•79 views

CVE-2024-27090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded (such as a Par...

5.3CVSS5AI score0.00199EPSS

CVE•added 2024/07/10 7:15 p.m.•67 views

CVE-2024-27095

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

5.4CVSS4.8AI score0.0012EPSS

CVE•added 2024/07/10 7:15 p.m.•43 views

CVE-2024-32469

Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter per_page. This vulnerability is fixed in 0.27.6 and 0.28.1.

7.1CVSS6.5AI score0.00138EPSS