CVE-2024-32034: Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
(updated )
The admin panel is subject to potential XSS attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted.
References
- github.com/advisories/GHSA-rx9f-5ggv-5rh6
- github.com/decidim/decidim
- github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645
- github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072
- github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0
- github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6
- github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6
- github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-admin/CVE-2024-32034.yml
- nvd.nist.gov/vuln/detail/CVE-2024-32034
Code Behaviors & Features
Detect and mitigate CVE-2024-32034 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →