XSS Vulnerability in Decidim Framework Affects Meeting Embeds

CVE-2024-45594

What is CVE-2024-45594?

The Decidim framework, designed for participatory democracy, is susceptible to a Cross-Site Scripting (XSS) attack via its meeting embeds feature. An attacker could exploit this vulnerability by crafting and disseminating a malformed URL, potentially compromising user data and session integrity during online or hybrid meetings. This issue has been addressed in versions 0.28.3 and 0.29.0 of the framework.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References