2 matches found
CVE-2023-52084
creationtimestamp| type| source ---|---|--- 2023-12-29 00:26:16+00:00| seen| https://t.me/ctinow/160254 2024-01-20 15:46:07+00:00| seen| https://t.me/ctinow/170655 2024-01-26 18:48:10+00:00| seen| https://t.me/arpsyndicate/3035 2025-04-17 20:58:20+00:00| published-proof-of-concept|...
CVE-2023-52084 Winter CMS Stored XSS through Backend ColorPicker FormWidget
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patche...