GHSA-469h-mqg8-535r

GitHub Security Advisory

Decidim Cross-site Scripting vulnerability in the external link redirections

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact

The external link redirection feature is susceptible to cross-site scripting (XSS). This allows a remote attacker to execute JavaScript in the browser of a currently logged-in user, in the context of that user's session. Because the injected script can issue requests with the victim's credentials, an attacker could use this vulnerability to make other users endorse or support proposals they had no intention of supporting or endorsing.
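
As an added illustration, not code from Decidim or from this advisory, the Ruby sketch below shows the vulnerability class described above: an "external link" interstitial page that reflects the target URL into its HTML without escaping, beside a hardened version that only accepts absolute http(s) URLs with a host and HTML-escapes the value wherever it is rendered. The interstitial markup, the helper names and the `/endorse` path in the constructed payload are hypothetical; the real Decidim template and endpoints are not reproduced here.

```ruby
require "erb"
require "uri"

# Constructed attacker input (hypothetical, not taken from the advisory): an
# "external link" whose value closes the href attribute and injects a script.
# A real payload would issue authenticated requests with the victim's session,
# e.g. to an endorsement endpoint; "/endorse" is a placeholder path.
PAYLOAD = %q{https://example.org/"><script>fetch("/endorse",{method:"POST"})</script>}

# Vulnerable interstitial: interpolates the external URL straight into HTML.
# Anything the attacker puts in the URL lands in the page unescaped, which is
# the pattern behind reflected XSS in a redirect/interstitial feature.
def vulnerable_external_link_page(url)
  <<~HTML
    <p>You are about to leave this site.</p>
    <a href="#{url}" rel="noopener noreferrer">#{url}</a>
  HTML
end

SAFE_SCHEMES = %w[http https].freeze

# Accept only absolute http(s) URLs that parse cleanly and carry a host.
# Rejects "javascript:" links and anything the RFC 3986 parser refuses.
def safe_external_url?(url)
  uri = URI.parse(url.to_s)
  uri.is_a?(URI::HTTP) && SAFE_SCHEMES.include?(uri.scheme) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Hardened interstitial: validate first, then HTML-escape the value in both
# the attribute and the text node. Escaping alone would already neutralise the
# script injection; validation additionally closes the "javascript:" case.
def hardened_external_link_page(url)
  return "<p>Invalid external link.</p>\n" unless safe_external_url?(url)

  escaped = ERB::Util.html_escape(url)
  <<~HTML
    <p>You are about to leave this site.</p>
    <a href="#{escaped}" rel="noopener noreferrer">#{escaped}</a>
  HTML
end

# Minimal check used to compare the two renderings: did a raw <script> tag
# survive into the output?
def contains_script_tag?(html)
  html.include?("<script")
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable page contains <script>: #{contains_script_tag?(vulnerable_external_link_page(PAYLOAD))}"
  puts "hardened page contains <script>:   #{contains_script_tag?(hardened_external_link_page(PAYLOAD))}"
end
```

The point of the two functions side by side is that the fix is not "filter out `<script>`": the untrusted URL must be escaped for the HTML context it is written into, and, because it ends up in an `href`, its scheme must be restricted as well.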

### Patches

The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3) and [v0.26.7](https://github.com/decidim/decidim/releases/tag/v0.26.7). Installations on the 0.27 series should upgrade to v0.27.3; installations on the 0.25 or 0.26 series should upgrade to v0.26.7.

Affected Packages

Package (RubyGems)   Affected from   Fixed in
decidim              0.25.0          0.26.7
decidim              0.27.0          0.27.3
decidim-core         0.25.0          0.26.7
decidim-core         0.27.0          0.27.3

Key Information

GHSA ID
GHSA-469h-mqg8-535r
Published
July 11, 2023 10:47 PM
Last Modified
July 20, 2023 3:02 PM
CVSS Score
5.0 / 10 (MODERATE)
Primary Ecosystem
RubyGems
Primary Package
decidim
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.