Search for packages
| purl | pkg:gem/decidim-core@0.14.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8vnm-acnm-h3e5
Aliases: CVE-2023-34089 GHSA-5652-92r9-3fx9 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.7. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:45:20.286848+00:00 | GitLab Importer | Affected by | VCID-8vnm-acnm-h3e5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/decidim-core/CVE-2023-34089.yml | 38.6.0 |