CVE-2024-54149 – Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
https://notcve.org/view.php?id=CVE-2024-54149
09 Dec 2024 — Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allows users with access to the CMS template sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values, or modify or remove templates in the theme, even when not granted direct access via permissions. As all objects passed through to Twig are references to the live objects, it is a... • https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22 • CWE-184: Incomplete List of Disallowed Inputs •
CVE-2023-52085 – Winter CMS Local File Inclusion through Server Side Template Injection
https://notcve.org/view.php?id=CVE-2023-52085
29 Dec 2023 — Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. • https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-52084 – Winter CMS Stored XSS through Backend ColorPicker FormWidget
https://notcve.org/view.php?id=CVE-2023-52084
28 Dec 2023 — Winter is a free, open-source content management system. Prior to 1.2.4, users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4. • https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-52083 – Stored XSS through privileged upload of Media Manager file followed by renaming
https://notcve.org/view.php?id=CVE-2023-52083
28 Dec 2023 — Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, Media Manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4. • https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-37269 – Winter CMS vulnerable to stored XSS through privileged upload of SVG file
https://notcve.org/view.php?id=CVE-2023-37269
07 Jul 2023 — Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within... • https://packetstorm.news/files/id/173520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-39357 – Winter vulnerable to Prototype Pollution in Snowboard framework
https://notcve.org/view.php?id=CVE-2022-39357
26 Oct 2022 — Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing... • https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •