GHSA-2X7R-93WW-CXRQ Winter CMS Local File Inclusion through Server Side Template Injection
Impact Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. By default, only th...