CVSS v3.1 base score: 8.1 (High)

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | REQUIRED
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | HIGH
Availability Impact | NONE

Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS: 0.001 (Low), percentile 43.9%
Decidim (the decidim-core gem) is vulnerable to cross-site scripting. The external link redirection feature does not sanitize the user-supplied link value, so an attacker can inject HTML or JavaScript that executes in the browser of a user who opens a crafted link (the vector requires user interaction, UI:R). The affected version ranges are listed below; the referenced release tags v0.26.6 and v0.27.3 are the first fixed releases on the 0.26 and 0.27 branches.
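The page does not say which exact input the fix changed, so the following added example (constructed for this page, not Decidim's own code) shows a hypothetical Rails-style "external link" interstitial that renders a continue button for a user-supplied `external_url` parameter in both the vulnerable and the hardened form. The hardened form closes both ways an unvalidated link value becomes script execution: a `javascript:` (or other non-http) scheme in `href`, and raw markup breaking out of the attribute or text. Function and parameter names are assumptions.

```ruby
require "uri"
require "cgi"

# Constructed example, not Decidim's code. A hypothetical interstitial that
# warns the user before following an external link and renders a button
# pointing at the link value taken from the request.

# Vulnerable pattern: the parameter is interpolated straight into the markup.
# A javascript: URL survives into href, and any '"' or '<' in the value
# breaks out of the attribute or the text node.
def render_redirect_unsafe(external_url)
  %(<a class="button" href="#{external_url}">Continue to #{external_url}</a>)
end

ALLOWED_SCHEMES = %w[http https].freeze

# Hardened form, step 1: allow-list the scheme and require an absolute URL
# with a host. Anything else (javascript:, data:, protocol-relative //host,
# unparseable strings) is rejected rather than "cleaned".
def safe_external_url(external_url)
  return nil if external_url.nil?
  uri = URI.parse(external_url.to_s.strip)
  return nil unless ALLOWED_SCHEMES.include?(uri.scheme&.downcase)
  return nil if uri.host.nil? || uri.host.empty?
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Hardened form, step 2: HTML-escape the accepted value at the point it is
# written into an attribute and into text, so characters that are legal in a
# URL (such as & or ') cannot change the markup.
def render_redirect_safe(external_url)
  url = safe_external_url(external_url)
  return %(<p>Invalid external link.</p>) if url.nil?
  escaped = CGI.escapeHTML(url)
  %(<a class="button" rel="noopener noreferrer" href="#{escaped}">Continue to #{escaped}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a benign link and a javascript: payload.
  ["https://example.org/?a=1&b=2", "javascript:alert(1)", "//evil.example/"].each do |input|
    puts "unsafe: #{render_redirect_unsafe(input)}"
    puts "safe:   #{render_redirect_safe(input)}"
  end
end
```

Scheme allow-listing and output escaping are separate checks and both are needed: escaping alone leaves `href="javascript:alert(1)"` intact because nothing in it is an HTML metacharacter, and scheme validation alone does not stop markup injection into the visible text. In a real Rails view the escaping step is what ERB's default output escaping provides; the example calls `CGI.escapeHTML` explicitly so the behaviour is visible outside a view.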
Affected packages (CPE):

Name | Operator | Version
---|---|---
decidim-core | le | 0.27.2
decidim-core | le | 0.26.5
References:

- https://github.com/advisories/GHSA-469h-mqg8-535r
- https://github.com/decidim/decidim/commit/550e86e237f8a4bc48bf5a8f204336a77c8cad4c
- https://github.com/decidim/decidim/commit/7537b44ad0846890786b08cb4d001f45555612ae
- https://github.com/decidim/decidim/releases/tag/v0.26.6
- https://github.com/decidim/decidim/releases/tag/v0.26.7
- https://github.com/decidim/decidim/releases/tag/v0.27.3
- https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r