GHSA-j4h6-gcj7-7v9v: decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds

Impact

The meeting embeds feature used in online or hybrid meetings is vulnerable to cross-site scripting (XSS) through a malformed meeting URL.

Patches

Not available

Workarounds

Disable the creation of meetings by participants in the meeting component.

References

OWASP ASVS v4.0.3, requirement 5.1.3 (all input validated using positive validation / allow lists)

Credits

This issue was discovered in a security audit organized by mitgestalten Partizipationsbüro against Decidim. The security audit was implemented by the Austrian Institute of Technology.
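The following Ruby example is added here to illustrate the class of bug the advisory describes; it is not Decidim's code, and the helper names, the host allowlist and the sample URLs are all constructed for this page. It contrasts an embed builder that interpolates the stored meeting URL straight into an iframe attribute with one that applies the positive validation ASVS 5.1.3 calls for and then escapes the URL for the attribute context.

```ruby
require "uri"
require "erb"

# Hypothetical meeting-embed helper written for this page; not Decidim's code.
# Hosts this example permits to be embedded (constructed allowlist).
EMBED_HOST_ALLOWLIST = %w[meet.jit.si www.youtube.com player.twitch.tv].freeze

# Vulnerable pattern: the stored online-meeting URL is interpolated straight
# into an HTML attribute. A URL containing a double quote closes the src
# attribute and lets the meeting author add arbitrary attributes (onload, ...).
def vulnerable_embed(url)
  %(<iframe src="#{url}" allow="camera; microphone"></iframe>)
end

# Hardened pattern: positive validation of the URL (ASVS 5.1.3) followed by
# output encoding for the attribute context. Returns nil when the URL must
# not be embedded, so the caller can fall back to a plain link or nothing.
def safe_embed(url)
  uri = begin
    URI.parse(url.to_s)
  rescue URI::InvalidURIError
    return nil
  end
  # Only https is acceptable; this also rejects javascript: and data: URLs.
  return nil unless uri.is_a?(URI::HTTPS)
  # Exact host match: "meet.jit.si.evil.example" and userinfo tricks such as
  # "https://meet.jit.si@evil.example/" resolve to a different host and fail.
  return nil unless EMBED_HOST_ALLOWLIST.include?(uri.host)
  # Re-serialize from the parsed object and escape for the attribute context;
  # percent-encoded quotes (%22) stay encoded and cannot break out of src="".
  %(<iframe src="#{ERB::Util.html_escape(uri.to_s)}" allow="camera; microphone"></iframe>)
end

if $PROGRAM_NAME == __FILE__
  payload = 'https://meet.jit.si/room" onload="alert(1)'
  puts vulnerable_embed(payload)                       # attribute injection
  p safe_embed(payload)                                # nil: rejected
  puts safe_embed("https://meet.jit.si/room?x=1&y=2")  # escaped, allowlisted
end
```

The rejection cases matter as much as the escaping: a scheme check alone still lets an attacker point the iframe at a host they control, and an allowlist built on substring matching rather than exact host comparison is bypassed by subdomains or userinfo in the authority part.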

Advisory metadata

Source: GitHub Advisory Database (GitHub Reviewed)

Identifiers: GHSA-j4h6-gcj7-7v9v, CVE-2024-45594

Severity: Moderate

Package: decidim-meetings (RubyGems, bundler)

Affected versions: >= 0.28.0, < 0.28.3

Published: Nov 13, 2024 in decidim/decidim

Last updated: Nov 13, 2024
