CVE-2024-45594: decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds

November 13, 2024

The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL.

References

github.com/advisories/GHSA-j4h6-gcj7-7v9v
github.com/decidim/decidim
github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v
nvd.nist.gov/vuln/detail/CVE-2024-45594

Detect and mitigate CVE-2024-45594 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →