Headline
GHSA-5652-92r9-3fx9: Decidim Cross-site Scripting vulnerability in the processes filter
Impact
The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing.
Patches
Decidim Cross-site Scripting vulnerability in the processes filter
High severity GitHub Reviewed Published Jul 11, 2023 in decidim/decidim • Updated Jul 11, 2023
Related news
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.6.