Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-28T22:11:55.494Z

Updated: 2024-08-02T22:48:12.132Z

Reserved: 2023-12-26T17:23:22.236Z

Link: CVE-2023-52083

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-28T23:15:43.557

Modified: 2024-11-21T08:39:08.150

Link: CVE-2023-52083

cve-icon Redhat

No data.