Decidim · Decidim · CVE-2023-34089
**Name of the Vulnerable Software and Affected Versions**
Decidim versions prior to 0.26.7
Decidim versions prior to 0.27.3
**Description**
The processes filter feature in Decidim is susceptible to cross-site scripting (XSS), allowing a remote attacker to execute JavaScript code in the context of a currently logged-in user. This could be used to make other users endorse or support proposals they have no intention of supporting or endorsing.
**Recommendations**
For versions prior to 0.26.7, update to version 0.26.7 to resolve the issue.
For versions prior to 0.27.3, update to version 0.27.3 to resolve the issue.
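To check a deployment against the version ranges above, the following added example (not part of the original advisory or of Decidim's code) reads the resolved `decidim` gem version from a `Gemfile.lock` and reports which fixed release applies. It assumes the two ranges are separate release lines, so 0.27.x is measured against 0.27.3 and anything older against 0.26.7; the function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version handles pre-releases such as 0.27.3.rc1

# Fixed releases named in the advisory.
FIXED_0_26 = Gem::Version.new("0.26.7")
FIXED_0_27 = Gem::Version.new("0.27.3")

# Returns the release to update to, or nil when the version is not affected.
# Assumption: "prior to 0.27.3" means the 0.27.x line only, so 0.26.7 and
# later 0.26.x releases count as fixed.
def fixed_version_for(version)
  v = Gem::Version.new(version)
  return FIXED_0_26.to_s if v < FIXED_0_26
  return FIXED_0_27.to_s if v.segments.first(2) == [0, 27] && v < FIXED_0_27
  nil
end

# Resolved specs in Gemfile.lock are indented four spaces ("    decidim (0.27.2)").
# Dependency lines use six spaces and sub-gems such as decidim-core have a
# different name, so neither matches this pattern.
def locked_decidim_version(lockfile_text)
  m = lockfile_text.match(/^ {4}decidim \(([^)]+)\)$/)
  m && m[1]
end

# Combines both steps into a one-line finding for a lockfile's contents.
def check_lockfile(lockfile_text)
  version = locked_decidim_version(lockfile_text)
  return "decidim gem not found in lockfile" unless version
  fix = fixed_version_for(version)
  if fix
    "decidim #{version} is affected by CVE-2023-34089: update to #{fix}"
  else
    "decidim #{version} is outside the affected ranges"
  end
end

# Constructed sample input, not taken from a real deployment.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      decidim (0.27.2)
        decidim-core (= 0.27.2)
      decidim-core (0.27.2)
LOCK

puts check_lockfile(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

To check a real application, pass `File.read("Gemfile.lock")` to `check_lockfile`.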