CVE Daily

CVE-2023-52084

Winter is a free, open-source content management system. Prior to 1.2.4, Users w...

Low CVSS 2.0

Overview

Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.

CWE: CWE-79 Published: 2023-12-28T23:15:43.777
Risk analysis

This vulnerability is rated 🟢 LOW.

  • CVSS: 2.0 (LOW)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags