漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cross-site scripting (XSS) in the decidim admin activity log
Vulnerability Description
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted. This issue has been addressed in release version 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. `/admin/organization/edit`).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Decidim 跨站脚本漏洞
Vulnerability Description
Decidim是Decidim开源的一个参与式民主框架,用 Ruby on Rails 编写。 Decidim 0.27.6及之前版本和0.28.1及之前版本存在跨站脚本漏洞,该漏洞源于在管理员面板中,若管理员为某个提案分配评估者或执行任何会产生管理活动日志的操作,则可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A