Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-e3ht-w8xh-5fdf
Vulnerability ID VCID-e3ht-w8xh-5fdf
Aliases CVE-2024-32034
GHSA-rx9f-5ggv-5rh6
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00567 https://api.first.org/data/v1/epss?cve=CVE-2024-32034
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-rx9f-5ggv-5rh6
cvssv3.1 6.8 https://github.com/decidim/decidim
cvssv4 6.0 https://github.com/decidim/decidim
generic_textual MODERATE https://github.com/decidim/decidim
cvssv3.1 6.8 https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
cvssv4 6.0 https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
generic_textual MODERATE https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
ssvc Track https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
cvssv3.1 6.8 https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
cvssv4 6.0 https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
generic_textual MODERATE https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
ssvc Track https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
cvssv3.1 6.8 https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
cvssv4 6.0 https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
generic_textual MODERATE https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
ssvc Track https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
cvssv3.1 6.8 https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
cvssv4 6.0 https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
generic_textual MODERATE https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
ssvc Track https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
cvssv3 6.8 https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
cvssv3.1 6.8 https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
cvssv3.1_qr MODERATE https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
cvssv4 6.0 https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
generic_textual MODERATE https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
ssvc Track https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
cvssv3.1 6.8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
cvssv4 6.0 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
cvssv3.1 6.8 https://nvd.nist.gov/vuln/detail/CVE-2024-32034
cvssv4 6.0 https://nvd.nist.gov/vuln/detail/CVE-2024-32034
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-32034
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-32034
https://github.com/decidim/decidim
https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
CVE-2024-32034 https://nvd.nist.gov/vuln/detail/CVE-2024-32034
CVE-2024-32034.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
GHSA-rx9f-5ggv-5rh6 https://github.com/advisories/GHSA-rx9f-5ggv-5rh6
GHSA-rx9f-5ggv-5rh6 https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/decidim/decidim
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://github.com/decidim/decidim
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:59:49Z/ Found at https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:59:49Z/ Found at https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:59:49Z/ Found at https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:59:49Z/ Found at https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:59:49Z/ Found at https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-32034
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-32034
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.68818
EPSS Score 0.00567
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T22:39:36.002945+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0