CVE-2024-41673: Decidim has a cross-site scripting vulnerability in the version control page
The version control feature used in resources is subject to a potential cross-site scripting (XSS) attack through a malformed URL.
References
- github.com/advisories/GHSA-cc4g-m3g7-xmw8
- github.com/decidim/decidim
- github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637
- github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8
- github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2024-41673.yml
- nvd.nist.gov/vuln/detail/CVE-2024-41673