HIGH 7.7 RubyGems

decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds

GHSA-j4h6-gcj7-7v9v · CVE-2024-45594


Description

Impact

The meeting embeds feature used in online or hybrid meetings is subject to a potential cross-site scripting (XSS) attack through a malformed embed URL.
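The advisory carries no code and no patch. As an added illustration of the mitigation class (this is not Decidim's code and not the fix for this issue), the following Ruby helper validates a participant-supplied embed URL before it is rendered into an iframe: it rejects non-http(s) schemes, scheme-relative URLs, embedded userinfo and hosts outside an allowlist, then HTML-escapes whatever survives. The allowlist, the function names and the sample inputs are assumptions constructed for this example.

```ruby
require "uri"
require "cgi"

# Constructed allowlist for this example; a real deployment configures its own.
ALLOWED_EMBED_HOSTS = %w[meet.example.org video.example.org].freeze

# Returns the URL string if +raw+ is safe to embed, or nil.
# Rejects: unparsable input, non-http(s) schemes (javascript:, data:, ...),
# scheme-relative URLs, URLs carrying userinfo, and hosts not on the allowlist.
def safe_embed_url(raw, allowed_hosts = ALLOWED_EMBED_HOSTS)
  return nil unless raw.is_a?(String)

  uri = URI.parse(raw.strip)
  return nil unless uri.is_a?(URI::HTTP) # URI::HTTPS subclasses URI::HTTP
  return nil if uri.userinfo
  return nil unless allowed_hosts.include?(uri.host.to_s.downcase)

  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Builds the iframe markup. The URL passes the validator first and is then
# HTML-escaped, so even an allowed URL cannot break out of the src attribute.
# The sandbox/allow values are illustrative.
def embed_iframe(raw)
  url = safe_embed_url(raw)
  return nil if url.nil?

  %(<iframe src="#{CGI.escapeHTML(url)}" sandbox="allow-scripts allow-forms" allow="camera; microphone"></iframe>)
end

# Constructed sample inputs: one legitimate embed, then several that must be rejected.
SAMPLES = [
  "https://meet.example.org/room/123",
  "https://meet.example.org/room?a=1&b=2",
  "javascript:alert(document.cookie)",
  "//meet.example.org/room/1",
  "https://user@meet.example.org/room/1",
  "https://evil.example/room/1",
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| puts "#{s.inspect} => #{embed_iframe(s).inspect}" }
end
```

The check is deliberately done on the parsed URI rather than with a regular expression over the raw string, so that scheme and host are compared after the same parsing a browser would apply, and escaping happens at the point where the value enters HTML.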

Patches

Not available

Workarounds

Disable the creation of meetings by participants in the meeting component.

References

OWASP ASVS v4.0.3-5.1.3

Credits

This issue was discovered in a security audit organized by mitgestalten Partizipationsbüro against Decidim. The security audit was implemented by the Austrian Institute of Technology.
