First published: Tue Oct 01 2024(Updated: )
### Impact The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL. ### Workarounds Not available ### References OWASP ASVS v4.0.3-5.1.3 ### Credits This issue was discovered in a security audit organized by [Open Source Politics](https://opensourcepolitics.eu/) against Decidim done during July 2025.
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/decidim | <=0.27.7 | 0.27.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.