decidim-admin 0.27.6
1 security vulnerability
found in version
0.27.6
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
high severity CVE-2024-32034
high severity
CVE-2024-32034
Patched versions:
~> 0.27.7
, >= 0.28.2
Impact
The admin panel is subject to potential XSS attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted.
Patches
N/A
Workarounds
Redirect the pages /admin and /admin/logs to other admin pages
to prevent this access (i.e. /admin/organization/edit
)
References
OWASP ASVS v4.0.3-5.1.3
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.