CVE-2024-32034
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-32034 is a vulnerability in Decidim, an open-source platform for participatory democracy. It is a Cross-site Scripting (XSS) issue that can be triggered when an admin assigns a valuator to a proposal, or performs any other action that generates an admin activity log entry containing crafted resources. Affected versions are those prior to Decidim 0.27.7 and 0.28.2. To mitigate the issue, users are advised to upgrade to those releases or later; where upgrading is not possible, the /admin and /admin/logs pages should be redirected to prevent unauthorized access. The vulnerability is rated medium risk with high confidentiality impact, since it can lead to unauthorized data exposure; exploitation is over the network and requires low privileges and user interaction.