Moderate severityNVD Advisory· Published Nov 13, 2024· Updated Nov 13, 2024

Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds

CVE-2024-45594

Description

Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
decidim-meetingsRubyGems	>= 0.28.0, < 0.28.3	0.28.3

Affected products

Decidim/Decidimv5
Range: >= 0.28.0, < 0.28.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-j4h6-gcj7-7v9vghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-45594ghsaADVISORY
github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9vghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000