Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-28T22:15:59.952Z

Updated: 2024-08-02T22:48:12.169Z

Reserved: 2023-12-26T17:23:22.236Z

Link: CVE-2023-52084

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-28T23:15:43.777

Modified: 2024-11-21T08:39:08.280

Link: CVE-2023-52084

cve-icon Redhat

No data.