Decidim Security Vulnerabilities and Issues — Decidim CVE List

Lucene search

DecidimDecidim

3 matches found

CVE•added 2024/07/10 7:15 p.m.•68 views

CVE-2024-27095

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

5.4CVSS4.8AI score0.00206EPSS

CVE•added 2024/02/20 6:15 p.m.•66 views

CVE-2023-47635

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the sessio...

5.7CVSS4.6AI score0.00105EPSS

CVE•added 2024/09/16 7:16 p.m.•20 views

CVE-2024-39910

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to ch...

5.4CVSS4.9AI score0.00244EPSS