PT-2023-24662 · Decidim · Decidim

Alonsorossi · Published 2023-07-11 · Updated 2023-07-21 · CVE-2023-34089

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Decidim versions prior to 0.26.7
Decidim versions prior to 0.27.3

Description

The processes filter feature in Decidim is susceptible to cross-site scripting (XSS), allowing a remote attacker to execute JavaScript code in the context of a currently logged-in user. This could be used to make other users endorse or support proposals they have no intention of supporting or endorsing.

Recommendations

For versions prior to 0.26.7, update to version 0.26.7 to resolve the issue. For versions prior to 0.27.3, update to version 0.27.3 to resolve the issue.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2023-34089
GHSA-5652-92R9-3FX9

Affected products

Decidim