Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-52083

Published: 28/12/2023 Updated: 05/01/2024
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 0
Subscribe to Winter

Vulnerability Summary

Winter is a free, open-source content management system. before 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.

Vulnerable Product Search on Vulmon Subscribe to Product

wintercms winter

References

CWE-79https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjphttps://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook