PT-2023-24662 · Decidim · Decidim
Alonsorossi · Published 2023-07-11 · Updated 2023-07-21
CVE-2023-34089 · CVSS v3.1 8.1 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Decidim versions prior to 0.26.7
Decidim versions prior to 0.27.3
Description
The processes filter feature in Decidim is susceptible to cross-site scripting (XSS), allowing a remote attacker to execute JavaScript code in the browser context of a currently logged-in user. This could be used to make other users endorse or support proposals they never intended to support or endorse.
Recommendations
For versions prior to 0.26.7, update to version 0.26.7 to resolve the issue.
For versions prior to 0.27.3, update to version 0.27.3 to resolve the issue.
Exploit
Fix
XSS
Affected Products
Decidim