The pagination feature used in searches and filters is subject to a potential XSS attack through a malformed URL using the GET parameter per_page.
Not available
Not available
OWASP ASVS v4.0.3-5.1.3
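The ASVS requirement cited above concerns positive (allow-list) input validation. The following is an added example, not Decidim's code or its patch, of how a per_page value can be validated and then encoded before it is reflected into a pagination link; the names ALLOWED_PER_PAGE, DEFAULT_PER_PAGE, normalize_per_page and per_page_link, the page sizes, and the sample inputs are assumptions made for illustration.

```ruby
require "cgi"

# Assumed allow-list of page sizes and default; not Decidim's actual values.
ALLOWED_PER_PAGE = [20, 50, 100].freeze
DEFAULT_PER_PAGE = 20

# Returns an Integer from the allow-list, or the default for anything else.
def normalize_per_page(raw)
  # Rails-style params may arrive as arrays or hashes (per_page[]=...); reject them.
  return DEFAULT_PER_PAGE unless raw.is_a?(String) || raw.is_a?(Integer)

  text = raw.to_s
  # \A...\z anchors the whole string; ^...$ would accept "20\n<markup>".
  return DEFAULT_PER_PAGE unless text.match?(/\A\d{1,4}\z/)

  value = text.to_i
  ALLOWED_PER_PAGE.include?(value) ? value : DEFAULT_PER_PAGE
end

# Builds a pagination link; every dynamic value is encoded for its context.
def per_page_link(base_path, raw_per_page, page)
  page_number = Integer(page) # raises ArgumentError on non-numeric input
  query = "page=#{page_number}&per_page=#{normalize_per_page(raw_per_page)}"
  href = CGI.escapeHTML("#{base_path}?#{query}")
  %(<a href="#{href}">#{CGI.escapeHTML("Page #{page_number}")}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one valid value and several malformed ones.
  ["50", "20\"><b>x</b>", "50\n<b>", ["50"], nil, "7"].each do |sample|
    puts "#{sample.inspect} -> #{normalize_per_page(sample)}"
  end
  puts per_page_link("/search", "100\"><b>", 2)
end
```

Validation and output encoding are applied together here: the allow-list keeps markup out of the value, and the HTML encoding of the finished URL covers any other parameter that ends up in the same attribute.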
This issue was discovered in a security audit against Decidim, organized by the mitgestalten Partizipationsbüro and funded by netidee, conducted during April 2024. The security audit was implemented by AIT Austrian Institute of Technology GmbH,
{ "nvd_published_at": "2024-07-10T19:15:10Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-07-10T15:43:39Z" }