{"id":"CVE-2024-41673","summary":"Decidim has a cross-site scripting vulnerability in the version control page","details":"Decidim is a participatory democracy framework. The version control feature used in resources is subject to a potential cross-site scripting (XSS) attack through a malformed URL. This vulnerability is fixed in 0.27.8.","aliases":["GHSA-cc4g-m3g7-xmw8"],"modified":"2026-04-10T05:15:50.306936Z","published":"2024-10-01T14:58:34.521Z","database_specific":{"cwe_ids":["CWE-79"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41673.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41673.json"},{"type":"ADVISORY","url":"https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41673"},{"type":"FIX","url":"https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/decidim/decidim","events":[{"introduced":"0"},{"fixed":"88a6de07b0dc5bab7c4c59dbce7de062e94ff528"}]}],"versions":["v0.0.1","v0.0.1.alpha","v0.0.1.alpha1","v0.0.1.alpha2","v0.0.1.alpha3","v0.0.1.alpha4","v0.0.1.alpha5","v0.0.1.alpha6","v0.0.1.alpha7","v0.0.1.alpha8","v0.0.1.alpha9","v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.0.8.1","v0.1.0","v0.2.0","v0.20.0","v0.27.0","v0.27.0.rc1","v0.27.1","v0.27.2","v0.27.3","v0.27.4","v0.27.5","v0.27.6","v0.27.7","v0.3.0","v0.4.0","v0.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41673.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}]}