PT-2023-23967 · Decidim
Published 2023-07-11 · Updated 2023-07-21
CVE-2023-32693
| CVSS v3.1 | 8.1 (High) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Decidim versions prior to 0.26.7
Decidim versions prior to 0.27.3
Description
The external link feature in Decidim is susceptible to cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently logged-in user. This could be used to make other users endorse or support proposals they have no intention of supporting or endorsing.
Recommendations
For versions prior to 0.26.7, update to version 0.26.7 or later.
For versions prior to 0.27.3, update to version 0.27.3 or later.
As a temporary workaround, consider restricting the use of the external link feature until a patch is applied.
Affected Products
Decidim