HIGH 7.1 RubyGems
Decidim has a cross-site scripting vulnerability in the version control page
GHSA-cc4g-m3g7-xmw8 · CVE-2024-41673
Description
Impact
The version control feature used in resources is subject to a potential cross-site scripting (XSS) attack via a malformed URL.
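As an added illustration of the bug class the advisory names (a request-supplied URL rendered into a page), and not Decidim's code nor the fix in the linked commit: an unsafe and a hardened way of building a link from such a value in a Rails-style helper. The advisory does not say which parameter or template was affected, so the `return_to` parameter and the helper names here are hypothetical.

```ruby
# Illustration of reflected XSS through a URL parameter, constructed for this
# advisory page; NOT Decidim's code and not a reproduction of the real bug.
# Uses only the Ruby standard library (ERB::Util is what Rails' h() wraps).
require "erb"
require "uri"

# Unsafe: the caller-controlled value lands verbatim inside the attribute,
# so a value containing a quote closes the attribute and controls the markup.
def render_back_link_unsafe(return_to)
  %(<a href="#{return_to}">Back</a>)
end

SAFE_FALLBACK = "/".freeze

# Hardened step 1: only accept a same-site relative path (single leading "/",
# so no protocol-relative "//host") or an absolute http(s) URL; anything else,
# including values URI refuses to parse, falls back to a fixed safe path.
def safe_return_url(return_to)
  return SAFE_FALLBACK if return_to.nil? || return_to.empty?
  uri = URI.parse(return_to)
  ok = if uri.scheme.nil?
         uri.host.nil? && return_to.start_with?("/") && !return_to.start_with?("//")
       else
         %w[http https].include?(uri.scheme.downcase)
       end
  ok ? return_to : SAFE_FALLBACK
rescue URI::InvalidURIError
  SAFE_FALLBACK
end

# Hardened step 2: HTML-escape the validated value before interpolating it,
# so characters legal in URLs (&, ') cannot alter the surrounding markup.
def render_back_link_safe(return_to)
  %(<a href="#{ERB::Util.html_escape(safe_return_url(return_to))}">Back</a>)
end
```

Validation and escaping are separate defences: the first limits where the link can point, the second keeps the value inside the attribute no matter what it contains.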
Workarounds
Not available
References
OWASP ASVS v4.0.3-5.1.3
Credits
This issue was discovered in a security audit of Decidim organized by Open Source Politics and conducted during July 2025.
References
- WEB https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-41673
- WEB https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637
- PACKAGE https://github.com/decidim/decidim
- WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2024-41673.yml