decidim-admin 0.28.1
1 security vulnerability found in version 0.28.1
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
high severity CVE-2024-32034
Patched versions: ~> 0.27.7, >= 0.28.2
Impact
The admin panel is subject to a potential XSS attack when an admin assigns a valuator to a proposal, or performs any other action that generates an admin activity log entry in which one of the resources contains a crafted XSS payload.
Patches
N/A
Workarounds
Redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. /admin/organization/edit).
References
OWASP ASVS v4.0.3-5.1.3
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.