decidim-admin 0.27.6

1 security vulnerability found in version 0.27.6

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log

high severity CVE-2024-32034
high severity CVE-2024-32034
Patched versions: ~> 0.27.7, >= 0.28.2

Impact

The admin panel is subject to potential XSS attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted.

Patches

N/A

Workarounds

Redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. /admin/organization/edit)

References

OWASP ASVS v4.0.3-5.1.3

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.