3 matches found
CVE-2026-22254
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
PT-2026-6545
Name of the Vulnerable Software and Affected Versions Winter CMS versions prior to 1.2.10 Description Winter CMS versions before 1.2.10 allow users with access to the CMS Asset Manager to upload Scalable Vector Graphics SVGs without proper sanitization. An attacker needs access to the Backend wit...
EUVD-2020-0474
Malware in sbrugna...