CVE-2024-32034

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32034
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32034.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32034
Aliases
Published
2024-09-16T19:16:10Z
Modified
2024-09-18T00:49:43.883816Z
Summary
[none]
Details

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted. This issue has been addressed in release version 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. /admin/organization/edit).

References

Affected packages

Git / github.com/decidim/decidim

Affected ranges

Type
GIT
Repo
https://github.com/decidim/decidim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
23fc8d702a4976727f78617f5e42353d67931645
Fixed
9d79f09a2d38c87feb28725670d6cc1f55c22072
Fixed
e494235d559be13dd1f8694345e6f6bba762d1c0
Fixed
ff755e23814aeb56e9089fc08006a5d3faee47b6

Affected versions

v0.*

v0.0.1
v0.0.1.alpha
v0.0.1.alpha1
v0.0.1.alpha2
v0.0.1.alpha3
v0.0.1.alpha4
v0.0.1.alpha5
v0.0.1.alpha6
v0.0.1.alpha7
v0.0.1.alpha8
v0.0.1.alpha9
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.8.1
v0.1.0
v0.2.0
v0.20.0
v0.27.0
v0.27.0.rc1
v0.27.1
v0.27.2
v0.27.3
v0.27.4
v0.27.5
v0.27.6
v0.28.0
v0.28.0.rc1
v0.28.0.rc2
v0.28.0.rc3
v0.28.0.rc4
v0.28.0.rc5
v0.28.1
v0.3.0
v0.4.0
v0.5.0