Winter Security Vulnerabilities and Issues — Winter CVE List

WintercmsWinter

9 matches found

CVE•added 2023/12/28 10:15 p.m.•100 views

CVE-2023-52084

Winter CMS Stored XSS (CVE-2023-52084) : The vulnerability is in Winter CMS prior to 1.2.4 where a value entered in backend forms using the ColorPicker FormWidget could be rendered unescaped, enabling stored XSS. Affected: versions before 1.2.4; root cause: unescaped rendering of input in backend...

5.4CVSS4.3AI score0.00309EPSS

CVE•added 2024/03/29 12:0 a.m.•97 views

CVE-2024-29686

CVE-2024-29686 describes a Server-side Template Injection (SSTI) in Winter CMS v1.2.3. The vulnerability allows a remote attacker to execute arbitrary code via a crafted payload in the CMS Pages field and Plugin components. Some sources note this could be exploited by an authenticated/admin user ...

7.2CVSS7.9AI score0.01821EPSS

CVE•added 2022/10/26 12:0 a.m.•79 views

CVE-2022-39357

CVE-2022-39357 affects the Winter CMS Snowboard framework (versions 1.1.8–1.2.0). The vulnerability is prototype pollution in the Snowboard main class and its plugin loader, with Winter 1.0 unaffected. Patched in Winter v1.1.10 and v1.2.1. If not yet upgraded, advisories recommend security practi...

9.8CVSS8.9AI score0.01027EPSS

CVE•added 2023/12/29 12:0 a.m.•68 views

CVE-2023-52085

Winter CMS before 1.2.4 is vulnerable to Local File Inclusion through the ColorPicker FormWidget when backend forms pass values to LESS compilation. The root cause is unprocessed user input being included in generated stylesheets, enabling potential local file exposure. Affected component: ColorP...

5.4CVSS4.5AI score0.30166EPSS

CVE•added 2024/12/09 8:54 p.m.•61 views

CVE-2024-54149

Winter CMS has a sandbox bypass in Twig templates that affects versions prior to 1.2.7, 1.1.11, and 1.0.476. If an attacker has backend access with cms.manage_layouts, cms.manage_pages, or cms.manage_partials, they can modify or delete theme resources and potentially manipulate model data passed ...

8.4CVSS8.8AI score0.00397EPSS

CVE•added 2023/07/07 9:19 p.m.•58 views

CVE-2023-37269

Winter CMS is vulnerable to a stored XSS due to unsanitized SVG uploads in the branding logo function prior to v1.2.3. The issue requires an attacker with backend.manage_branding permission (or higher) and user interaction by visiting the URL of the malicious SVG; exploitation is further constrai...

4.8CVSS4.4AI score0.01637EPSS

Web

CVE•added 2023/12/28 10:11 p.m.•49 views

CVE-2023-52083

CVE-2023-52083 affects Winter CMS. Before 1.2.4, users with the media.manage_media permission could upload files to the Media Manager and rename them after upload, with sanitization only on upload (not on rename), allowing a stored XSS vulnerability. The issue has been patched in v1.2.4.

4.8CVSS4.1AI score0.00311EPSS

CVE•added 2026/03/11 9:25 p.m.•15 views

CVE-2026-27591

CVE-2026-27591 pertains to Winter CMS (Laravel-based). The issue allows authenticated backend users to escalate their own access by mutating roles/permissions via specially crafted backend requests while logged in. Root cause is an authorization weakness in the backend account management flow. Im...

9.9CVSS5.8AI score0.00486EPSS

CVE•added 2026/02/06 7:11 p.m.•11 views

CVE-2026-22254

CVE-2026-22254 affects Winter CMS prior to 1.2.10, where the Asset Manager allowed uploading SVGs without automatic sanitization if a user had cms.manage_assets. This could enable stored XSS in affected deployments, since the attacker must have backend access with that permission. The issue is fi...

3.5CVSS5.6AI score0.00251EPSS