RubyGems package
decidim-admin
pkg:gem/decidim-admin
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32034 | — | | | < 0.27.7 | 0.27.7 | Sep 16, 2024 | decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attack in case an admin assigns a valuator to a proposal, or does any other action tha |
| CVE-2024-27095 | — | | | < 0.27.6 | 0.27.6 | Jul 10, 2024 | Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1. |
| CVE-2023-48220 | — | | | >= 0.0.1.alpha3, < 0.26.9 | 0.26.9 | Feb 20, 2024 | Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue cre |