CVE-2026-40869
- EPSS 0.22%
- Published 21.04.2026 19:08:28
- Last modified 23.04.2026 16:08:50
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have c...
CVE-2026-40870
- EPSS 0.29%
- Published 21.04.2026 19:06:09
- Last modified 22.04.2026 21:08:48
Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level `commentable` field in the API allows access to all commentable resources within the platform, without any permission ch...
CVE-2026-23891
- EPSS 0.36%
- Published 13.04.2026 17:16:28
- Last modified 22.04.2026 16:40:25
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user...
CVE-2025-65017
- EPSS 0.26%
- Published 03.02.2026 15:16:12
- Last modified 23.02.2026 17:32:33
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. Th...
CVE-2024-45594
- EPSS 0.24%
- Published 13.11.2024 17:15:10
- Last modified 14.02.2025 16:35:51
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
CVE-2024-41673
- EPSS 0.39%
- Published 01.10.2024 15:15:07
- Last modified 15.04.2026 00:35:42
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.
CVE-2024-39910
- EPSS 0.26%
- Published 16.09.2024 19:16:10
- Last modified 29.09.2024 00:33:03
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being u...
CVE-2024-32034
- EPSS 0.35%
- Published 16.09.2024 19:16:10
- Last modified 29.09.2024 00:14:35
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attack in case an admin assigns a valuator to a proposal...
CVE-2024-27095
- EPSS 0.34%
- Published 10.07.2024 19:15:10
- Last modified 21.11.2024 09:03:50
Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
CVE-2024-32469
- EPSS 0.42%
- Published 10.07.2024 19:15:10
- Last modified 15.04.2026 00:35:42
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.