Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
References
Link | Resource |
---|---|
https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491 | Patch |
https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-28T22:11:55.494Z
Updated: 2023-12-28T22:11:55.494Z
Reserved: 2023-12-26T17:23:22.236Z
Link: CVE-2023-52083
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-28T23:15:43.557
Modified: 2024-01-05T00:01:33.360
Link: CVE-2023-52083
JSON object: View
Redhat Information
No data.
CWE