CVE-2024-27095

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27095

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27095.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-27095

Aliases

GHSA-529p-jj47-w3m3

Published

2024-07-10T19:07:45Z

Modified

2025-10-30T20:25:16.910676Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N CVSS Calculator

Summary

Decidim cross-site scripting (XSS) in the admin panel

Details

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/decidim/decidim

Affected ranges

Type

GIT

Repo

https://github.com/decidim/decidim

Events

Introduced

Fixed

928259cd7f5711b70d71d2d7b14a260b4d74afdd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.27.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/decidim/decidim

Events

Introduced

588ea89bdffb6afca9af7ecdda0848cb36b1ccef

Fixed

e1d4ac47979572676737df5b52bbabe7e3b844f7

Database specific

{
    "versions": [
        {
            "introduced": "0.28.0.rc1"
        },
        {
            "fixed": "0.28.1"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.1.alpha

v0.0.1.alpha1

v0.0.1.alpha2

v0.0.1.alpha3

v0.0.1.alpha4

v0.0.1.alpha5

v0.0.1.alpha6

v0.0.1.alpha7

v0.0.1.alpha8

v0.0.1.alpha9

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.8.1

v0.1.0

v0.2.0

v0.20.0

v0.27.0

v0.27.0.rc1

v0.27.1

v0.27.2

v0.27.3

v0.27.4

v0.27.5

v0.28.0

v0.28.0.rc1

v0.28.0.rc2

v0.28.0.rc3

v0.28.0.rc4

v0.28.0.rc5

v0.3.0

v0.4.0

v0.5.0