Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. This issue has been fixed in versions 0.30.5 and 0.31.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XDecidim
APPDecidim< 0.30.50.31.0 – 0.31.1 (bez)
Related vulnerabilities
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0....
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 t...
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetin...
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...