CVE-2024-41673

HIGH

Published 2024-10-01T14:58:34.521Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-41673. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.1

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.251

Higher than 25.1% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Description

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

decidim

Affected Versions:

< 0.27.8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Decidim has a cross-site scripting vulnerability in the version control page

GHSA-cc4g-m3g7-xmw8

Advisory Details

### Impact The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL. ### Workarounds Not available ### References OWASP ASVS v4.0.3-5.1.3 ### Credits This issue was discovered in a security audit organized by [Open Source Politics](https://opensourcepolitics.eu/) against Decidim done during July 2025.

Affected Packages

RubyGems decidim

ECOSYSTEM: ≥0 <0.27.8

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

References

WEB https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-41673

WEB https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637

PACKAGE https://github.com/decidim/decidim

WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2024-41673.yml

Advisory provided by GitHub Security Advisory Database. Published: October 1, 2024, Modified: October 3, 2024

References

https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8

https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637

Published: 2024-10-01T14:58:34.521Z

Last Modified: 2024-10-01T17:47:27.814Z

Copied to clipboard!

CVE-2024-41673

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

decidim

Affected Versions:

GitHub Security Advisories

Decidim has a cross-site scripting vulnerability in the version control page

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!