PatchSiren

DECE Software CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM | DECE Software CVE | published 2023-11-22

CVE-2023-6011

CVE-2023-6011 is a stored cross-site scripting (XSS) issue in DECE Geodi. The CVE record states that the affected versions are Geodi before 8.0.0.27396, and the weakness is classified as CWE-79. Because this is stored XSS, malicious input can be saved and later rendered to other users, so the injection takes effect client-side wherever the affected web page generation paths output the saved input. The CVE was publicly published on 2023-11-22 and [truncated]

HIGH | DECE Software CVE | published 2023-11-22

CVE-2023-5921

CVE-2023-5921 describes an improper enforcement of behavioral workflow in DECE Software Geodi that can lead to a functionality bypass. The vulnerable versions are those before 8.0.0.27396. NVD rates the issue HIGH with a CVSS 3.1 score of 7.1, and the published vector indicates a local, low-privilege attack path with no user interaction.