GHSA-rx9f-5ggv-5rh6

GitHub Security Advisory

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
The admin panel is subject to a potential XSS attack when an admin assigns a valuator to a proposal, or performs any other action that generates an admin activity log entry in which one of the referenced resources carries a crafted XSS payload (for example in its title). The payload is stored with the resource and executes in the browser of any admin who views the activity log.
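The rendering mistake behind this class of bug, as an added illustration that is not Decidim's own code: an activity-log line interpolates a resource title into HTML without output encoding, so a title chosen by a proposal author runs as script in the admin's browser. The hardened variant applies `ERB::Util.html_escape` to every untrusted field (ASVS 5.1.3). The proposal title, valuator name and log text are constructed sample data.

```ruby
require "erb"

# Constructed sample data (not from Decidim): a proposal whose title carries a
# stored XSS payload, about to be assigned to a valuator by an admin.
PROPOSAL_TITLE = %q{Bike lanes <img src=x onerror="alert(document.cookie)">}
VALUATOR_NAME  = "Alice"
ADMIN_NAME     = "admin"

# Vulnerable pattern: the resource title goes into the HTML template verbatim,
# so whatever the proposal author typed reaches the admin's browser as markup.
def render_log_entry_unsafe(user:, action:, resource_title:)
  "<li>#{user} #{action} <a href=\"/admin/proposals/1\">#{resource_title}</a></li>"
end

# Hardened pattern: every untrusted field is HTML-escaped before interpolation.
# ERB::Util.html_escape encodes & < > " ' so the payload becomes inert text.
def render_log_entry_escaped(user:, action:, resource_title:)
  h = ->(s) { ERB::Util.html_escape(s) }
  "<li>#{h.(user)} #{h.(action)} <a href=\"/admin/proposals/1\">#{h.(resource_title)}</a></li>"
end

# Crude detector used to compare the two outputs: is there still an HTML element
# with an on*= event handler attribute in the rendered string?
def contains_live_markup?(html)
  html.match?(/<[a-z]+[^>]*\bon[a-z]+\s*=/i)
end

if __FILE__ == $PROGRAM_NAME
  action = "assigned valuator #{VALUATOR_NAME} to"
  puts render_log_entry_unsafe(user: ADMIN_NAME, action: action, resource_title: PROPOSAL_TITLE)
  puts render_log_entry_escaped(user: ADMIN_NAME, action: action, resource_title: PROPOSAL_TITLE)
end
```

The escaped line still shows the admin exactly what the proposal is called (the tag text is visible, just not executable), which is the behaviour the fix should preserve; hiding the title would lose the audit value of the log.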

### Patches

N/A in the advisory text; the releases carrying the fix are listed under Affected Packages below (0.27.7 for the 0.27 series and 0.28.2 for the 0.28 series).

### Workarounds

Until upgraded, redirect the pages `/admin` (the dashboard, which shows recent activity) and `/admin/logs` to another admin page that does not render the activity log, e.g. `/admin/organization/edit`. This only prevents the stored payload from being displayed; it remains in the database and will render again once those pages are reachable.
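One way to apply that workaround at the Rack layer, as an added example that is not Decidim's code: a small middleware that answers `/admin` and `/admin/logs` (trailing slash and sub-paths of the log listing included) with a redirect to `/admin/organization/edit` and passes everything else through. The blocked path list and the target page are taken from the workaround above; that `/admin/logs/...` sub-paths should also be covered is an assumption made here for safety.

```ruby
# Rack-compatible middleware. No gem is needed to define or unit-test it;
# in a Rails app it would be mounted from config/application.rb.
class AdminLogRedirect
  SAFE_TARGET = "/admin/organization/edit"   # page named in the workaround

  def initialize(app)
    @app = app
  end

  # Normalise the path (collapse a trailing slash) and decide whether it is one
  # of the pages that render the admin activity log.
  def self.blocked?(raw_path)
    path = raw_path.to_s.sub(%r{/+\z}, "")
    path = "/" if path.empty?
    return true if path == "/admin"                       # dashboard with recent activity
    return true if path == "/admin/logs"                  # full activity log listing
    path.start_with?("/admin/logs/")                      # assumption: sub-paths of the log too
  end

  def call(env)
    if self.class.blocked?(env["PATH_INFO"])
      # 302 keeps bookmarks and links working; the target never shows the log.
      [302, { "location" => SAFE_TARGET, "content-type" => "text/plain" }, ["Redirecting\n"]]
    else
      @app.call(env)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  app = AdminLogRedirect.new(->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] })
  %w[/admin /admin/ /admin/logs /admin/logs/ /admin/organization/edit /administrators].each do |p|
    status, headers, = app.call({ "PATH_INFO" => p, "REQUEST_METHOD" => "GET" })
    puts "#{p.ljust(28)} -> #{status} #{headers["location"]}"
  end
end
```

Mount it early in the stack, for example with `config.middleware.insert 0, AdminLogRedirect` in `config/application.rb`, so it runs before routing. Note that `PATH_INFO` never contains the query string, so `/admin/logs?page=2` is caught as well, and that `/administrators` is deliberately not matched because the comparison is on whole path segments.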

### References

OWASP ASVS v4.0.3-5.1.3

Affected Packages

RubyGems decidim-admin
Affected versions: >= 0, < 0.27.7 (fixed in 0.27.7)
RubyGems decidim-admin
Affected versions: >= 0.28.0, < 0.28.2 (fixed in 0.28.2)

Key Information

GHSA ID
GHSA-rx9f-5ggv-5rh6
Published
September 16, 2024 5:17 PM
Last Modified
September 17, 2024 10:27 PM
CVSS Score
5.0 /10
Primary Ecosystem
RubyGems
Primary Package
decidim-admin
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.