XSS Vulnerability in Decidim Framework Affects Meeting Embeds
CVE-2024-45594
Currently unrated
What is CVE-2024-45594?
The Decidim framework, designed for participatory democracy, is susceptible to a Cross-Site Scripting (XSS) attack via its meeting embeds feature. An attacker could exploit this vulnerability by crafting and disseminating a malformed URL, potentially compromising user data and session integrity during online or hybrid meetings. This issue has been addressed in versions 0.28.3 and 0.29.0 of the framework.
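To check whether a deployment already carries one of the fixed releases, the Ruby sketch below reads a Gemfile.lock and flags locked Decidim gems older than the versions named above. It is an added example, not code from the Decidim project. It assumes the application pins the `decidim` or `decidim-meetings` gems in Gemfile.lock, it treats pre-releases of 0.29.0 as lacking the fix (a conservative assumption), and its sample lockfile is constructed.

```ruby
# Added example: compares locked Decidim gem versions with the fixed
# releases named on this page (0.28.3 and 0.29.0).

FIXED_028 = Gem::Version.new("0.28.3")
FIXED_029 = Gem::Version.new("0.29.0")

# Assumption: the meetings component is locked as the decidim-meetings gem,
# alongside the decidim meta-gem.
WATCHED = %w[decidim decidim-meetings].freeze

# Resolved specs sit at exactly four spaces of indentation in Gemfile.lock;
# their dependency constraints are indented further and are skipped.
SPEC_LINE = /^ {4}(\S+) \(([^)\s]+)\)$/

# True when the version is a fixed release or newer. 0.29.0.rc1 and similar
# sort above 0.28.3 but below 0.29.0, so a plain ">= 0.28.3" test would pass
# them; they are conservatively reported as lacking the fix.
def includes_fix?(version_string)
  v = Gem::Version.new(version_string)
  return false if v.prerelease? && v.release == FIXED_029
  v >= FIXED_028
end

# Returns { gem name => locked version } for the watched gems.
def locked_versions(lockfile_text)
  lockfile_text.each_line(chomp: true).each_with_object({}) do |line, found|
    m = SPEC_LINE.match(line)
    found[m[1]] = m[2] if m && WATCHED.include?(m[1])
  end
end

# Returns the watched gems whose locked version predates the fix.
def unpatched_gems(lockfile_text)
  locked_versions(lockfile_text).reject { |_name, ver| includes_fix?(ver) }
end

# Constructed sample lockfile, for illustration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      decidim (0.28.2)
        decidim-meetings (= 0.28.2)
      decidim-meetings (0.28.2)
      rails (6.1.7.8)
LOCK

if __FILE__ == $PROGRAM_NAME
  unpatched_gems(SAMPLE_LOCK).each do |name, ver|
    puts "#{name} #{ver}: upgrade to 0.28.3 or 0.29.0"
  end
end
```

Pass the contents of a real lockfile, for example `unpatched_gems(File.read("Gemfile.lock"))`, to run the same check on a deployment.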