CVE-2024-39910 - Decidim QuillJS Cross-Site Scripting (XSS) Vulnerability

2 months ago 28
ARTICLE AD BOX
CVE ID : CVE-2024-39910
Published : Sept. 16, 2024, 7:16 p.m. | 23 minutes ago
Description : decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. Disable the "Enable rich text editor for participants" setting in the admin dashboard
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article
  1. Homepage
  2. CVEs
  3. CVE-2024-39910 - Decidim QuillJS Cross-Site Scripting (XSS) Vulnerability

Related

CVE-2024-49203 - Querydsl JPA orderBy SQL Injection

CVE-2024-49203 - Querydsl JPA orderBy SQL Injection

2 days ago 5
CVE-2024-52702 - MyBB Stored XSS Vulnerability

CVE-2024-52702 - MyBB Stored XSS Vulnerability

2 days ago 5
CVE-2024-48986 - Micrium mBedOS HCI Buffer Overflow Vulnerability

CVE-2024-48986 - Micrium mBedOS HCI Buffer Overflow Vulnerab...

2 days ago 5

Trending

1. Cher
2. Premier League
3. Mavericks vs Nuggets
4. Bucks
5. Celtics
6. Warriors vs Pelicans
7. Boston Celtics
8. Khalid
9. Duke Basketball
10. Michigan State football

Popular

CVE-2024-6343 - Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN Buffer Overflow Denial of Service

CVE-2024-6343 - Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W...

2 months ago 167
CVE-2024-5053 - Fluent Forms Mailchimp API Key Update Weakness

CVE-2024-5053 - Fluent Forms Mailchimp API Key Update Weakne...

2 months ago 154
CVE-2024-8367 - HM Courts & Tribunals Service Probate Back Office Markdown Handler Injection Vulnerability

CVE-2024-8367 - HM Courts & Tribunals Service Probate Back O...

2 months ago 121
CVE-2024-44946 - Linux KCM kcm_sendmsg() UAF

CVE-2024-44946 - Linux KCM kcm_sendmsg() UAF

2 months ago 97
CVE-2024-8368 - "Code-projects Hospital Management System SQL Injection Vulnerability"

CVE-2024-8368 - "Code-projects Hospital Management System SQ...

2 months ago 91
English (US) English (US) ·
About Us · Contact Us · Terms & Conditions · Tools ·

© Intel85 - OSINT Search Engine 2024. All rights are reserved