Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Decidim has a Cross-site scripting (XSS) vulnerability via user name field
Vulnerability Description
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. This issue has been fixed in versions 0.30.5 and 0.31.1.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Decidim 跨站脚本漏洞
Vulnerability Description
Decidim是Decidim开源的一个参与式民主框架,用 Ruby on Rails 编写。 Decidim 0.30.5之前版本和0.31.0.rc1至0.31.0版本存在跨站脚本漏洞,该漏洞源于用户名字段存在存储型代码执行问题,可能导致低权限攻击者在被动访问评论页面的用户环境中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A