Home > Vulnerability Database > CVE-2023-32693

Mend.io Vulnerability Database

CVE-2023-32693

Good to know:

Date: July 11, 2023

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.

Language: Ruby

Severity Score

8.1

Related Resources (8)

Url: https://github.com/decidim/decidim/releases/tag/v0.26.7

Url: https://github.com/decidim/decidim/releases/tag/v0.27.3

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32693

Url: https://github.com/decidim/decidim

Url: https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-32693.yml

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2023-32693.yml

Url: https://www.mend.io/vulnerability-database/CVE-2023-32693

Severity Score

8.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version decidim - 0.26.6,0.27.3;decidim-core - 0.26.6,0.27.3

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32693

Good to know:

Date: July 11, 2023

Language: Ruby

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?