CVE-2023-37269

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the backend.manage_branding permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting...