CVE-2023-52083
CVE-2023-52083 affects Winter CMS. Before 1.2.4, users with the media.manage_media permission could upload files to the Media Manager and rename them after upload, with sanitization only on upload (not on rename), allowing a stored XSS vulnerability. The issue has been patched in v1.2.4.