CVE-2023-34089.yml
---
gem: decidim
cve: 2023-34089
ghsa: 5652-92r9-3fx9
url: https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9
title: Decidim Cross-site Scripting vulnerability in the processes filter
date: 2023-07-11
description: |
  ### Impact
  The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing.
  ### Patches
  The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3) and [v0.26.6](https://github.com/decidim/decidim/releases/tag/v0.26.6).
cvss_v3: 8.1
unaffected_versions:
  - "< 0.14.0"
patched_versions:
  - "~> 0.26.6"
  - ">= 0.27.3"
related:
  url:
    - https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9
    - https://nvd.nist.gov/vuln/detail/CVE-2023-34089
    - https://github.com/decidim/decidim/releases/tag/v0.26.6
    - https://github.com/decidim/decidim/releases/tag/v0.27.3
    - https://github.com/advisories/GHSA-5652-92r9-3fx9
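The `unaffected_versions` and `patched_versions` fields above are Gem::Requirement strings, so `~> 0.26.6` covers 0.26.6 up to (but not including) 0.27.0, and a 0.27.x install is only safe from 0.27.3 on. The following is an added example, not code from ruby-advisory-db or the Decidim project, showing how an auditing tool evaluates those ranges against an installed version: it embeds a constructed copy of the advisory's version fields, extracts the `decidim` version from a constructed `Gemfile.lock` snippet, and reports whether that version is vulnerable. The function names and the lockfile text are assumptions made for this example.

```ruby
require "yaml"
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed copy of the advisory's version fields (same values as the YAML above).
ADVISORY_YAML = <<~YAML
  gem: decidim
  cve: 2023-34089
  unaffected_versions:
    - "< 0.14.0"
  patched_versions:
    - "~> 0.26.6"
    - ">= 0.27.3"
YAML

ADVISORY = YAML.safe_load(ADVISORY_YAML)

# Constructed Gemfile.lock excerpt; top-level specs are indented four spaces,
# their dependencies six, so only the "decidim (x.y.z)" spec line matches below.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      decidim (0.27.2)
        decidim-admin (= 0.27.2)
        decidim-core (= 0.27.2)
      decidim-core (0.27.2)
LOCK

# True when +version+ satisfies any of the requirement strings in +requirements+.
# Gem::Requirement handles "~>", ">=", "<" exactly as Bundler does, including
# the rule that a prerelease such as 0.27.3.rc1 sorts below 0.27.3.
def matches_any?(version, requirements)
  v = Gem::Version.new(version)
  requirements.any? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# A version is vulnerable unless the advisory lists it as unaffected or patched.
def vulnerable?(version, advisory = ADVISORY)
  return false if matches_any?(version, advisory.fetch("unaffected_versions", []))
  return false if matches_any?(version, advisory.fetch("patched_versions", []))
  true
end

# Pulls the locked version of the named gem from Gemfile.lock text, or nil.
def locked_version(lock_text, gem_name)
  lock_text[/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/, 1]
end

# Convenience wrapper: audit a lockfile against this advisory.
def audit_lockfile(lock_text, advisory = ADVISORY)
  version = locked_version(lock_text, advisory.fetch("gem"))
  return "#{advisory['gem']} not present" if version.nil?
  status = vulnerable?(version, advisory) ? "VULNERABLE" : "not affected"
  "#{advisory['gem']} #{version}: #{status} (CVE-#{advisory['cve']})"
end

if __FILE__ == $PROGRAM_NAME
  puts audit_lockfile(SAMPLE_LOCKFILE)
end
```

Note the gaps a naive "is it at least 0.26.6?" check would miss: 0.27.0 through 0.27.2 are newer than 0.26.6 yet still vulnerable, and a 0.27.3 release candidate is vulnerable because Gem::Version orders prereleases before the final release.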