4 matches found
WinterCMS 1.2.2 Cross Site Scripting
Exploit Title: WinterCMS alertdocument.cookie; //P...
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting Vulnerability
Exploit Title: WinterCMS alertdocument.cookie; //Post Request POST /backend/system/settings/update/winter/back...
CVE-2023-37269
creationtimestamp| type| source ---|---|--- 2023-07-08 02:17:52+00:00| seen| https://t.me/cibsecurity/66234 2024-01-26 01:16:57+00:00| seen| https://t.me/ctinow/173901...
CVE-2023-37269
Winter CMS is vulnerable to a stored XSS due to unsanitized SVG uploads in the branding logo function prior to v1.2.3. The issue requires an attacker with backend.manage_branding permission (or higher) and user interaction by visiting the URL of the malicious SVG; exploitation is further constrai...