CVE-2024-27095

Decidim cross-site scripting (XSS) in the admin panel

Description

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

INFO

Published Date :

2024-07-10T19:07:45.995Z

Last Modified :

2024-08-02T00:27:59.577Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-27095 vulnerability.

Vendors	Products
Decidim	Decidim

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27095.

URL	Resource
https://github.com/decidim/decidim/releases/tag/v0.27.6
https://github.com/decidim/decidim/releases/tag/v0.28.1
https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact