Decidim Fixes XSS Vulnerability in Admin Panel
CVE-2024-27095

4.8MEDIUM

Key Information:

Vendor: Decidim
Status: Decidim
Vendor: CVE Published:; 10 July 2024

What is CVE-2024-27095?

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

Affected Version(s)

decidim < 0.27.6 < 0.27.6

decidim >= 0.28.0.rc1, < 0.28.1 < 0.28.0.rc1, 0.28.1

References

https://github.com/decidim/decidim/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/decidim/decidim/releases/tag/v0.27.6

x_refsource_MISC

https://github.com/decidim/decidim/releases/tag/v0.28.1

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Feb 19, 2024