Decidim ≫ Decidim

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file n...

Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset...

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thr...

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any lo...

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database...

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allow...

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a...