CVE-2026-23891
- EPSS 0.06%
- Published 13.04.2026 17:16:28
- Last modified 17.04.2026 15:38:09
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user...
CVE-2025-65017
- EPSS 0.04%
- Published 03.02.2026 15:16:12
- Last modified 23.02.2026 17:32:33
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. Th...
CVE-2024-45594
- EPSS 0.29%
- Published 13.11.2024 17:15:10
- Last modified 14.02.2025 16:35:51
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
CVE-2024-41673
- EPSS 0.42%
- Published 01.10.2024 15:15:07
- Last modified 15.04.2026 00:35:42
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.
CVE-2024-39910
- EPSS 0.63%
- Published 16.09.2024 19:16:10
- Last modified 29.09.2024 00:33:03
Decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being u...
CVE-2024-32034
- EPSS 0.57%
- Published 16.09.2024 19:16:10
- Last modified 29.09.2024 00:14:35
Decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attack in case an admin assigns a valuator to a proposal...
CVE-2024-27090
- EPSS 0.28%
- Published 10.07.2024 19:15:10
- Last modified 15.04.2026 00:35:42
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource,...
CVE-2024-32469
- EPSS 0.49%
- Published 10.07.2024 19:15:10
- Last modified 15.04.2026 00:35:42
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.
CVE-2024-27095
- EPSS 0.28%
- Published 10.07.2024 19:15:10
- Last modified 21.11.2024 09:03:50
Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
CVE-2023-47634
- EPSS 0.29%
- Published 29.02.2024 01:41:28
- Last modified 14.02.2025 17:29:55
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement....