Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-7cx8-44pc-xv3q

GitHub Security Advisory

Decidim cross-site scripting (XSS) in the pagination

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact

The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`.

### Patches

Not available

### Workarounds

Not available

### References

OWASP ASVS v4.0.3-5.1.3

### Credits

This issue was discovered in a security audit organized by the [mitgestalten Partizipationsbüro](https://partizipationsbuero.at/) and funded by [netidee](https://www.netidee.at/) against Decidim done during April 2024. The security audit was implemented by [AIT Austrian Institute of Technology GmbH](https://www.ait.ac.at/),

Affected Packages

RubyGems decidim
Affected versions: 0 (fixed in 0.27.6)
RubyGems decidim
Affected versions: 0.28.0.rc1 (fixed in 0.28.1)

Related CVEs

CVE-2024-32469

Key Information

GHSA ID
GHSA-7cx8-44pc-xv3q
Published
July 10, 2024 3:43 PM
Last Modified
November 18, 2024 4:26 PM
CVSS Score
5.0 /10
Primary Ecosystem
RubyGems
Primary Package
decidim
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.