GHSA-5652-92r9-3fx9

GitHub Security Advisory

Decidim Cross-site Scripting vulnerability in the processes filter

GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

### Impact

The processes filter feature is susceptible to cross-site scripting (XSS). This allows a remote attacker to execute JavaScript in the browser of a currently logged-in user, in that user's session context. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing.

### Patches

The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3) and [v0.26.7](https://github.com/decidim/decidim/releases/tag/v0.26.7).

Affected Packages

RubyGems decidim: affected >= 0.14.0, < 0.26.7 (fixed in 0.26.7)
RubyGems decidim: affected >= 0.27.0, < 0.27.3 (fixed in 0.27.3)
RubyGems decidim-core: affected >= 0.14.0, < 0.26.7 (fixed in 0.26.7)
RubyGems decidim-core: affected >= 0.27.0, < 0.27.3 (fixed in 0.27.3)

Key Information

GHSA ID: GHSA-5652-92r9-3fx9
Published: July 11, 2023 10:46 PM
Last Modified: July 18, 2023 7:10 PM
CVSS Score: 7.5 / 10
Primary Ecosystem: RubyGems
Primary Package: decidim
GitHub Reviewed: Yes

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.