8 matches found

RedhatCVE
added 2025/05/23 8:56 a.m. · 6 views

CVE-2024-29686

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the...

7.2 CVSS · 8 AI score · 0.01821 EPSS
Exploits: 1 · References: 1

Veracode
added 2024/04/01 4:18 a.m. · 24 views

Server-Side Template Injection (SSTI)

wintercms/winter is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input validation, allowing an admin-authenticated remote attacker to execute arbitrary code by injecting a crafted payload into the CMS Pages field and Plugin components...

7.2 CVSS · 7.8 AI score · 0.01821 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Github Security Blog
added 2024/03/29 6:30 p.m. · 59 views

Winter CMS Server-Side Template Injection (SSTI) vulnerability

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components...

7.2 CVSS · 8.3 AI score · 0.01821 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CVE
added 2024/03/29 12:0 a.m. · 98 views

CVE-2024-29686

CVE-2024-29686 describes a Server-side Template Injection (SSTI) in Winter CMS v1.2.3. The vulnerability allows a remote attacker to execute arbitrary code via a crafted payload in the CMS Pages field and Plugin components. Some sources note this could be exploited by an authenticated/admin user ...

7.2 CVSS · 7.9 AI score · 0.01821 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/03/29 12:0 a.m. · 6 views

PT-2024-22962 · Unknown · Winter Cms

Name of the Vulnerable Software and Affected Versions: Winter CMS version 1.2.3
Description: A Server-side Template Injection (SSTI) issue allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. The vendor disputes this vulnerability,...

8.7 CVSS · 8.2 AI score · 0.01821 EPSS
Exploits: 1 · References: 12

NVD
added 2021/07/09 10:15 p.m. · 13 views

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...

5.4 CVSS · 0.0045 EPSS
Exploits: 1 · References: 1

OSV
added 2021/07/09 10:15 p.m. · 3 views

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...

5.4 CVSS · 5.6 AI score · 0.0045 EPSS
Exploits: 1 · References: 1

Cvelist
added 2021/07/09 9:56 p.m. · 17 views

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...

5.5 AI score · 0.0045 EPSS
Exploits: 1 · References: 1