CVE-2023-52084 - OpenCVE

Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wintercms	Winter

Configuration 1 [-]

cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba
https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-28T22:15:59.952Z

Updated: 2024-08-02T22:48:12.169Z

Reserved: 2023-12-26T17:23:22.236Z

Link: CVE-2023-52084

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-28T23:15:43.777

Modified: 2024-01-05T00:08:19.287

Link: CVE-2023-52084

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52084", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-26T17:23:22.236Z", "datePublished": "2023-12-28T22:15:59.952Z", "dateUpdated": "2024-08-02T22:48:12.169Z"}, "containers": {"cna": {"title": "Winter CMS Stored XSS through Backend ColorPicker FormWidget", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}, {"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["x_refsource_MISC"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}], "affected": [{"vendor": "wintercms", "product": "winter", "versions": [{"version": "< 1.2.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-28T22:15:59.952Z"}, "descriptions": [{"lang": "en", "value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."}], "source": {"advisory": "GHSA-43w4-4j3c-jx29", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:48:12.169Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}, {"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EE69DF4-BDE7-4A22-9947-BBD648026BA4", "versionEndExcluding": "1.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."}, {"lang": "es", "value": "Winter es un sistema de gesti\u00f3n de contenidos gratuito y de c\u00f3digo abierto. Antes de 1.2.4, los usuarios con acceso a formularios de backend que incluyen un FormWidget ColorPicker pueden proporcionar un valor que luego se mostrar\u00eda sin formato de escape en el formulario de backend, lo que podr\u00eda permitir un ataque XSS almacenado. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.4."}], "id": "CVE-2023-52084", "lastModified": "2024-01-05T00:08:19.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-28T23:15:43.777", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}