| |
Vulnerability CVE-2023-52083
Published: 2023-12-28 Modified: 2023-12-29
| Description: |
Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4. |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp
https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
