PT-2024-29498 · Decidim · Decidim
Published: 2024-10-01 · Updated: 2024-10-20 · CVE-2024-41673
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Decidim versions prior to 0.27.8
Description
The version control feature in Decidim is subject to a potential cross-site scripting (XSS) attack through a malformed URL. The issue was discovered during a security audit of Decidim organized by Open Source Politics in July 2025.
Recommendations
For versions prior to 0.27.8, update to version 0.27.8 to resolve the issue. As a temporary workaround until the update is applied, consider restricting access to the version control feature.
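The advisory names the weakness class (XSS through a malformed URL rendered by a feature) but not the affected code. The following Ruby snippet is an added example of the generic defensive pattern for that class and is not Decidim's code: a user-controlled URL is only placed in an href after its scheme passes an allow-list and the value is HTML-escaped, and anything unparseable or on a non-http(s) scheme is dropped. The function names (safe_href, render_version_link) and the sample URLs are constructed for this illustration.

```ruby
require "uri"
require "erb"

# Only these schemes may appear in a generated link (assumption for this example;
# a real application would choose the list that matches its use case).
ALLOWED_SCHEMES = %w[http https].freeze

# Returns an attribute-safe URL string, or nil when the input must be rejected.
def safe_href(raw)
  return nil if raw.nil? || raw.strip.empty?
  uri = URI.parse(raw.strip)          # raises URI::InvalidURIError on characters such as " < >
  return nil unless uri.scheme && ALLOWED_SCHEMES.include?(uri.scheme.downcase)
  ERB::Util.html_escape(uri.to_s)     # escapes & < > " ' so the value cannot break out of the attribute
rescue URI::InvalidURIError
  nil
end

# Renders a link to a resource version; falls back to escaped plain text when
# the URL is rejected, so a malformed URL never reaches the page as markup.
def render_version_link(label, raw_url)
  href = safe_href(raw_url)
  text = ERB::Util.html_escape(label)
  return text if href.nil?
  %(<a href="#{href}">#{text}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one benign, one with a non-http scheme, one malformed.
  puts render_version_link("Version 2", "https://example.test/versions/2")
  puts render_version_link("Version 2", "javascript:alert(1)")
  puts render_version_link("Version 2", 'https://example.test/"><script>')
end
```

The rejection branch deliberately returns plain text instead of an error so the rest of the page keeps rendering; whether to log the rejected value is a detection choice for the application, and the logged value itself must be escaped or structured so it cannot inject into a log viewer.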
Tags: Exploit, Fix, XSS
Affected Products: Decidim