Lucene search
+L

Cross-site Scripting (XSS)

🗓️ 18 Apr 2026 05:38:17Reported by Veracode Vulnerability DatabaseType 
veracode
 veracode
🔗 sca.analysiscenter.veracode.com👁 14 Views

Decidim is vulnerable to cross-site scripting due to improper user name sanitization, enabling code execution when pages viewed.

Related
Detection
Refs
Vulners
Node
OR
decidim-coredecidim-coreRange0.15.00.30.4ruby
decidim-coredecidim-coreRange0.31.0.rc10.31.0ruby
decidim-coredecidim-coreMatch0.31.0.rc1ruby
decidim-coredecidim-coreMatch0.31.0.rc2ruby
decidim-coredecidim-coreMatch0.0.1.alpha1ruby
decidim-coredecidim-coreMatch0.0.1.alpha2ruby
decidim-coredecidim-coreMatch0.0.1.alpha3ruby
decidim-coredecidim-coreMatch0.0.1.alpha4ruby
decidim-coredecidim-coreMatch0.0.1.alpha5ruby
decidim-coredecidim-coreMatch0.0.1.alpha6ruby
decidim-coredecidim-coreMatch0.0.1.alpha7ruby
decidim-coredecidim-coreMatch0.0.1.alpha8ruby
decidim-coredecidim-coreMatch0.0.1.alpha9ruby
decidim-coredecidim-coreMatch0.0.8.1ruby
decidim-coredecidim-coreMatch0.11.0.pre1ruby
decidim-coredecidim-coreMatch0.12.0.preruby
decidim-coredecidim-coreMatch0.13.0.pre1ruby
decidim-coredecidim-coreMatch0.23.1.rc1ruby
decidim-coredecidim-coreMatch0.24.0.rc1ruby
decidim-coredecidim-coreMatch0.24.0.rc2ruby
decidim-coredecidim-coreMatch0.25.0.rc1ruby
decidim-coredecidim-coreMatch0.25.0.rc2ruby
decidim-coredecidim-coreMatch0.25.0.rc3ruby
decidim-coredecidim-coreMatch0.25.0.rc4ruby
decidim-coredecidim-coreMatch0.26.0.rc1ruby
decidim-coredecidim-coreMatch0.26.0.rc2ruby
decidim-coredecidim-coreMatch0.26.10ruby
decidim-coredecidim-coreMatch0.27.0.rc1ruby
decidim-coredecidim-coreMatch0.27.0.rc2ruby
decidim-coredecidim-coreMatch0.27.10ruby
decidim-coredecidim-coreMatch0.28.0.rc4ruby
decidim-coredecidim-coreMatch0.28.0.rc5ruby
decidim-coredecidim-coreMatch0.29.0.rc1ruby
decidim-coredecidim-coreMatch0.29.0.rc2ruby
decidim-coredecidim-coreMatch0.29.0.rc3ruby
decidim-coredecidim-coreMatch0.29.0.rc4ruby
decidim-coredecidim-coreMatch0.30.0.rc1ruby
decidim-coredecidim-coreMatch0.30.0.rc2ruby
decidim-coredecidim-coreMatch0.30.0.rc3ruby
decidim-coredecidim-coreRange0.0.1.alpha10.30.4ruby

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Jul 2026 22:15Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.18.7
CVSS 49.3
EPSS0.00356
SSVC
14