VDB
KO
HIGH 7.7

GHSA-j4h6-gcj7-7v9v

decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds

Details

### Impact

The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL.

### Patches

Not available

### Workarounds

Disable the creation of meetings by participants in the meeting component.

### References

OWASP ASVS v4.0.3-5.1.3

### Credits

This issue was discovered in a security audit organized by mitgestalten Partizipationsbüro against Decidim. The security audit was implemented by the Austrian Institute of Technology.

Are you affected?

Enter the version of the package you're using.

Affected packages

RubyGems / decidim-meetings
Introduced in: 0.28.0 Fixed in: 0.28.3
Fix bundle update decidim-meetings

References