GHSA-7cx8-44pc-xv3q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7cx8-44pc-xv3q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-7cx8-44pc-xv3q/GHSA-7cx8-44pc-xv3q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7cx8-44pc-xv3q
- Aliases
-
- CVE-2024-32469
- Published
- 2024-07-10T15:43:39Z
- Modified
- 2024-07-24T14:17:23.437557Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N CVSS Calculator
- Summary
- Decidim cross-site scripting (XSS) in the pagination
- Details
-
Impact
The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter
per_page.Patches
Not available
Workarounds
Not available
References
OWASP ASVS v4.0.3-5.1.3
Credits
This issue was discovered in a security audit organized by the mitgestalten Partizipationsbüro and funded by netidee against Decidim done during April 2024. The security audit was implemented by AIT Austrian Institute of Technology GmbH,
- References
-
- https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q
- https://nvd.nist.gov/vuln/detail/CVE-2024-32469
- https://github.com/decidim/decidim
- https://github.com/decidim/decidim/releases/tag/v0.27.6
- https://github.com/decidim/decidim/releases/tag/v0.28.1
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2024-32469.yml
Affected packages
RubyGems / decidim
Package
- Name
- decidim
- Purl
- pkg:gem/decidim
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.27.6
Affected versions
0.*
0.0.1.alpha1
0.0.1.alpha2
0.0.1.alpha3
0.0.1.alpha4
0.0.1.alpha5
0.0.1.alpha6
0.0.1.alpha7
0.0.1.alpha8
0.0.1.alpha9
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8.1
0.1.0
0.2.0
0.3.0
0.3.1
0.3.2
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9.0
0.9.1
0.9.2
0.9.3
0.10.0
0.10.1
0.11.0.pre1
0.11.1
0.11.2
0.12.0.pre
0.12.0
0.12.1
0.12.2
0.13.0.pre1
0.13.0
0.13.1
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.18.0
0.18.1
0.19.0
0.19.1
0.20.0
0.20.1
0.21.0
0.22.0
0.23.0
0.23.1.rc1
0.23.1
0.23.2
0.23.3
0.23.4
0.23.5
0.23.6
0.24.0.rc1
0.24.0.rc2
0.24.0
0.24.1
0.24.2
0.24.3
0.25.0.rc1
0.25.0.rc2
0.25.0.rc3
0.25.0.rc4
0.25.0
0.25.1
0.25.2
0.26.0.rc2
0.26.0
0.26.1
0.26.2
0.26.3
0.26.4
0.26.5
0.26.7
0.26.8
0.26.9
0.26.10
0.27.0.rc1
0.27.0.rc2
0.27.0
0.27.1
0.27.2
0.27.3
0.27.4
0.27.5
RubyGems / decidim
Package
- Name
- decidim
- Purl
- pkg:gem/decidim