File tree 1 file changed +47
-0
lines changed
1 file changed +47
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ layout : advisory
3+ title : ' CVE-2024-45594 (decidim-meetings): decidim-meetings Cross-site scripting vulnerability
4+ in the online or hybrid meeting embeds'
5+ comments : false
6+ categories :
7+ - decidim-meetings
8+ advisory :
9+ gem : decidim-meetings
10+ cve : 2024-45594
11+ ghsa : j4h6-gcj7-7v9v
12+ url : https://github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v
13+ title : decidim-meetings Cross-site scripting vulnerability in the online or hybrid
14+ meeting embeds
15+ date : 2024-11-13
16+ description : |
17+ ### Impact
18+
19+ The meeting embeds feature used in the online or hybrid meetings
20+ is subject to potential XSS attack through a malformed URL.
21+
22+ ### Workarounds
23+
24+ Disable the creation of meetings by participants in the meeting component.
25+
26+ ### References
27+
28+ OWASP ASVS v4.0.3-5.1.3
29+
30+ ### Credits
31+
32+ This issue was discovered in a security audit organized by mitgestalten
33+ Partizipationsbüro against Decidim. The security audit was implemented
34+ by the Austrian Institute of Technology.
35+ cvss_v3 : 7.7
36+ unaffected_versions :
37+ - " < 0.28.0"
38+ patched_versions :
39+ - " ~> 0.28.3"
40+ - " >= 0.29.0"
41+ related :
42+ url :
43+ - https://nvd.nist.gov/vuln/detail/CVE-2024-45594
44+ - https://github.com/decidim/decidim/releases/tag/v0.28.3
45+ - https://github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v
46+ - https://github.com/advisories/GHSA-j4h6-gcj7-7v9v
47+ ---
You can’t perform that action at this time.
0 commit comments