CVE-2023-32693
Summary
| CVE | CVE-2023-32693 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-11 18:15:00 UTC |
| Updated | 2023-07-21 17:16:00 UTC |
| Description | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v0.27.3 · decidim/decidim · GitHub | MISC | github.com | |
| Cross-site scripting (XSS) in the external link redirections · Advisory · decidim/decidim · GitHub | MISC | github.com | |
| Release v0.26.7 · decidim/decidim · GitHub | MISC | github.com | |
| Release v0.26.6 · decidim/decidim · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.