9 matches found
CVE-2026-27591
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...
CVE-2026-27591
CVE-2026-27591 pertains to Winter CMS (Laravel-based). The issue allows authenticated backend users to escalate their own access by mutating roles/permissions via specially crafted backend requests while logged in. Root cause is an authorization weakness in the backend account management flow. Im...
Winter 安全漏洞
Winter is a free and open-source content management system based on the Laravel PHP framework developed by Winter. Versions of Winter prior to 1.0.477, 1.1.12, and 1.2.12 contain security vulnerabilities. These vulnerabilities stem from improper permission allocation, which may allow authenticate...
PT-2026-24850
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...
CVE-2026-22254 Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
EUVD-2026-5618
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
Winter 安全漏洞
Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A security vulnerability exists in Winter v.1.2.3 that originated from a vulnerability that allows remote attackers to execute arbitrary code via CMS page fields and plugin components using a crafted paylo...
Winter Path Traversal Vulnerability
Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A path traversal vulnerability exists in Winter versions prior to 1.2.4, which stems from a vulnerability that allows an attacker to include local files via a LESS compilation of the value provided to the...
Winter Cross-Site Scripting Vulnerability
Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A cross-site scripting vulnerability exists in Winter versions prior to 1.2.4, which stems from the presence of a stored cross-site scripting XSS vulnerability...