Home > Vulnerability Database > CVE-2024-27095

Mend.io Vulnerability Database

CVE-2024-27095

Good to know:

Date: July 10, 2024

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.

Language: Ruby

Severity Score

5.4

Related Resources (7)

Url: https://github.com/decidim/decidim/releases/tag/v0.27.6

Url: https://github.com/decidim/decidim/releases/tag/v0.28.1

Url: https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3

Url: https://github.com/decidim/decidim

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27095

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-27095.yml

Url: https://www.mend.io/vulnerability-database/CVE-2024-27095

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version decidim-admin - 0.27.6,0.28.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27095

Good to know:

Date: July 10, 2024

Language: Ruby

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?