CVE-2024-41673 (decidim): Decidim has a cross-site scripting vulnerability in the version control page

Decidim has a cross-site scripting vulnerability in the version control page

Published: October 01, 2024

CVE: CVE-2024-41673 (NVD)
GHSA: GHSA-cc4g-m3g7-xmw8
Vendor Advisory: https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8

CVSS v3.x: 7.1 (High)

>= 0.27.8

The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL.

Not available

OWASP ASVS v4.0.3-5.1.3

This issue was discovered in a security audit organized by Open Source Politics against Decidim done during July 2025.