Decidim Cross-site Scripting vulnerability in the processes filter
CVE-2023-34089
CVSS score: 8.1 (High)
What is CVE-2023-34089?
Decidim, a Ruby on Rails-based participatory democracy framework, has a cross-site scripting (XSS) vulnerability in its processes filter feature. It allows remote attackers to execute arbitrary JavaScript in the browser session of a logged-in user. As a result, an attacker could cause users to endorse proposals or take other actions without their consent. The issue is fixed in versions 0.27.3 and 0.26.7; deployments running an affected version should upgrade to one of these patched releases.
Affected Version(s)
decidim >= 0.14.0, < 0.26.7 (versions before 0.14.0 unaffected; fixed in 0.26.7)
decidim >= 0.27.0, < 0.27.3 (versions before 0.27.0 unaffected; fixed in 0.27.3)
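The following Ruby script is an added example, not part of the advisory or of the Decidim project, that turns the two affected ranges above into a check a defender can run against a deployment's Gemfile.lock. It uses Gem::Version and Gem::Requirement from the standard library; the sample lockfile text, the helper names (vulnerable?, recommended_upgrade, locked_decidim_version) and the fixed-version mapping are assumptions constructed for the example.

```ruby
require "rubygems"

# Affected ranges exactly as stated in the advisory for CVE-2023-34089.
AFFECTED_RANGES = [
  Gem::Requirement.new(">= 0.14.0", "< 0.26.7"),
  Gem::Requirement.new(">= 0.27.0", "< 0.27.3"),
].freeze

# Patched releases named in the advisory, keyed by the branch they belong to.
FIXED_VERSION_FOR_0_26 = "0.26.7"
FIXED_VERSION_FOR_0_27 = "0.27.3"

# True when the given decidim version falls inside either affected range.
def vulnerable?(version_string)
  v = Gem::Version.new(version_string)
  AFFECTED_RANGES.any? { |range| range.satisfied_by?(v) }
end

# Smallest patched release on the same branch, or nil when not affected.
def recommended_upgrade(version_string)
  return nil unless vulnerable?(version_string)
  v = Gem::Version.new(version_string)
  v < Gem::Version.new("0.27.0") ? FIXED_VERSION_FOR_0_26 : FIXED_VERSION_FOR_0_27
end

# Extract the locked top-level "decidim" gem version from Gemfile.lock text.
# Top-level specs are indented by four spaces, e.g. "    decidim (0.27.2)";
# nested dependencies use six spaces and are skipped.
def locked_decidim_version(lockfile_text)
  lockfile_text.each_line do |line|
    if (m = line.match(/\A {4}decidim \(([0-9A-Za-z.]+)\)/))
      return m[1]
    end
  end
  nil
end

# Constructed sample lockfile fragment (assumption, not from any real deployment).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      decidim (0.27.2)
        decidim-core (= 0.27.2)
      decidim-core (0.27.2)
LOCK

if $PROGRAM_NAME == __FILE__
  version = locked_decidim_version(SAMPLE_LOCK)
  if vulnerable?(version)
    puts "decidim #{version} is affected by CVE-2023-34089; upgrade to #{recommended_upgrade(version)}"
  else
    puts "decidim #{version} is not in an affected range"
  end
end
```

Point the script at a real Gemfile.lock (File.read) instead of SAMPLE_LOCK to check a deployment; a prerelease such as 0.27.3.rc1 sorts below 0.27.3 under Gem::Version and is therefore still reported as affected.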