Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-28T22:11:55.494Z
Updated: 2024-08-02T22:48:12.132Z
Reserved: 2023-12-26T17:23:22.236Z
Link: CVE-2023-52083
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-28T23:15:43.557
Modified: 2024-11-21T08:39:08.150
Link: CVE-2023-52083
Redhat
No data.