CVE-2023-52084 - Vulnerability Details - OpenCVE

Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00316.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Wintercms	Winter

Configuration 1 [-]

cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-3092	Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
Github GHSA	GHSA-43w4-4j3c-jx29	Winter CMS Stored XSS through Backend ColorPicker FormWidget

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba
https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29

History

Thu, 17 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-28T22:15:59.952Z

Updated: 2025-04-17T20:27:13.689Z

Reserved: 2023-12-26T17:23:22.236Z

Link: CVE-2023-52084

Vulnrichment

Updated: 2024-08-02T22:48:12.169Z

NVD

Status : Modified

Published: 2023-12-28T23:15:43.777

Modified: 2024-11-21T08:39:08.280

Link: CVE-2023-52084

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52084", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-26T17:23:22.236Z", "datePublished": "2023-12-28T22:15:59.952Z", "dateUpdated": "2025-04-17T20:27:13.689Z"}, "containers": {"cna": {"title": "Winter CMS Stored XSS through Backend ColorPicker FormWidget", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}, {"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["x_refsource_MISC"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}], "affected": [{"vendor": "wintercms", "product": "winter", "versions": [{"version": "< 1.2.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-28T22:15:59.952Z"}, "descriptions": [{"lang": "en", "value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."}], "source": {"advisory": "GHSA-43w4-4j3c-jx29", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:48:12.169Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}, {"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-03T15:50:20.364956Z", "id": "CVE-2023-52084", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:27:13.689Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52084", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-26T17:23:22.236Z", "datePublished": "2023-12-28T22:15:59.952Z", "dateUpdated": "2025-04-17T20:27:13.689Z"}, "containers": {"cna": {"title": "Winter CMS Stored XSS through Backend ColorPicker FormWidget", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}, {"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["x_refsource_MISC"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}], "affected": [{"vendor": "wintercms", "product": "winter", "versions": [{"version": "< 1.2.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-28T22:15:59.952Z"}, "descriptions": [{"lang": "en", "value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."}], "source": {"advisory": "GHSA-43w4-4j3c-jx29", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:48:12.169Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}, {"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52084", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-03T15:50:20.364956Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:27:03.555Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EE69DF4-BDE7-4A22-9947-BBD648026BA4", "versionEndExcluding": "1.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."}, {"lang": "es", "value": "Winter es un sistema de gesti\u00f3n de contenidos gratuito y de c\u00f3digo abierto. Antes de 1.2.4, los usuarios con acceso a formularios de backend que incluyen un FormWidget ColorPicker pueden proporcionar un valor que luego se mostrar\u00eda sin formato de escape en el formulario de backend, lo que podr\u00eda permitir un ataque XSS almacenado. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.4."}], "id": "CVE-2023-52084", "lastModified": "2024-11-21T08:39:08.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-28T23:15:43.777", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}