GHSA-cc4g-m3g7-xmw8

GitHub Security Advisory

Decidim has a cross-site scripting vulnerability in the version control page

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

### Impact

The version control feature used in resources is subject to a potential cross-site scripting (XSS) attack through a malformed URL.

### Workarounds

Not available

### References

OWASP ASVS v4.0.3-5.1.3

### Credits

This issue was discovered in a security audit of Decidim organized by [Open Source Politics](https://opensourcepolitics.eu/) and carried out during July 2025.

Affected Packages

RubyGems decidim
Affected versions: 0 (fixed in 0.27.8)

Key Information

GHSA ID: GHSA-cc4g-m3g7-xmw8
Published: October 1, 2024 6:14 PM
Last Modified: October 3, 2024 1:25 PM
CVSS Score: 7.5/10
Primary Ecosystem: RubyGems
Primary Package: decidim
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.