HIGH🇵🇱 Wersja polska

CVE-2024-45594

CVSS 7.7v3.1pub. 2024-11-13upd. 2025-02-28

Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
  • Decidim

    APP
    Decidim
    0.28.0 – 0.28.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2026-23891CRITICAL9.3PL ✓ten sam produkt

Stored XSS w polu nazwy użytkownika Decidim umożliwia zdalne wykonanie kodu

CVE-2023-36465CRITICAL9.1ten sam produkt

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...

CVE-2026-40869HIGH7.5ten sam produkt

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0....

CVE-2025-65017HIGH8.2ten sam produkt

Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 t...

CVE-2023-34090HIGH7.5ten sam produkt

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...