CVE-2024-32469

EUVD-2024-2286
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
decidimdecidim
𝑥
< 0.27.6
CNA
Common Weakness Enumeration
References
https://github.com/decidim/decidim/releases/tag/v0.27.6
https://github.com/decidim/decidim/releases/tag/v0.28.1
https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q
https://github.com/decidim/decidim/releases/tag/v0.27.6
https://github.com/decidim/decidim/releases/tag/v0.28.1
https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q