Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:NDecidim
APPDecidim0.28.0 – 0.28.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2026-23891CRITICAL9.3PL ✓ten sam produkt
Stored XSS w polu nazwy użytkownika Decidim umożliwia zdalne wykonanie kodu
CVE-2023-36465CRITICAL9.1ten sam produkt
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...
CVE-2026-40869HIGH7.5ten sam produkt
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0....
CVE-2025-65017HIGH8.2ten sam produkt
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 t...
CVE-2023-34090HIGH7.5ten sam produkt
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...