Vulnerability Details CVE-2023-52083
Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.4%
CVSS Severity
CVSS v3 Score 2.0
References
- https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491
- https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp
- https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491
- https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp
Products affected by CVE-2023-52083
-
cpe:2.3:a:wintercms:winter:1.0.319
-
cpe:2.3:a:wintercms:winter:1.0.320
-
cpe:2.3:a:wintercms:winter:1.0.321
-
cpe:2.3:a:wintercms:winter:1.0.322
-
cpe:2.3:a:wintercms:winter:1.0.323
-
cpe:2.3:a:wintercms:winter:1.0.324
-
cpe:2.3:a:wintercms:winter:1.0.325
-
cpe:2.3:a:wintercms:winter:1.0.326
-
cpe:2.3:a:wintercms:winter:1.0.327
-
cpe:2.3:a:wintercms:winter:1.0.328
-
cpe:2.3:a:wintercms:winter:1.0.329
-
cpe:2.3:a:wintercms:winter:1.0.330
-
cpe:2.3:a:wintercms:winter:1.0.331
-
cpe:2.3:a:wintercms:winter:1.0.332
-
cpe:2.3:a:wintercms:winter:1.0.333
-
cpe:2.3:a:wintercms:winter:1.0.334
-
cpe:2.3:a:wintercms:winter:1.0.335
-
cpe:2.3:a:wintercms:winter:1.0.336
-
cpe:2.3:a:wintercms:winter:1.0.337
-
cpe:2.3:a:wintercms:winter:1.0.338
-
cpe:2.3:a:wintercms:winter:1.0.339
-
cpe:2.3:a:wintercms:winter:1.0.340
-
cpe:2.3:a:wintercms:winter:1.0.341
-
cpe:2.3:a:wintercms:winter:1.0.342
-
cpe:2.3:a:wintercms:winter:1.0.343
-
cpe:2.3:a:wintercms:winter:1.0.344
-
cpe:2.3:a:wintercms:winter:1.0.345
-
cpe:2.3:a:wintercms:winter:1.0.346
-
cpe:2.3:a:wintercms:winter:1.0.347
-
cpe:2.3:a:wintercms:winter:1.0.348
-
cpe:2.3:a:wintercms:winter:1.0.349
-
cpe:2.3:a:wintercms:winter:1.0.350
-
cpe:2.3:a:wintercms:winter:1.0.351
-
cpe:2.3:a:wintercms:winter:1.0.352
-
cpe:2.3:a:wintercms:winter:1.0.353
-
cpe:2.3:a:wintercms:winter:1.0.354
-
cpe:2.3:a:wintercms:winter:1.0.355
-
cpe:2.3:a:wintercms:winter:1.0.356
-
cpe:2.3:a:wintercms:winter:1.0.357
-
cpe:2.3:a:wintercms:winter:1.0.358
-
cpe:2.3:a:wintercms:winter:1.0.359
-
cpe:2.3:a:wintercms:winter:1.0.360
-
cpe:2.3:a:wintercms:winter:1.0.361
-
cpe:2.3:a:wintercms:winter:1.0.362
-
cpe:2.3:a:wintercms:winter:1.0.363
-
cpe:2.3:a:wintercms:winter:1.0.364
-
cpe:2.3:a:wintercms:winter:1.0.365
-
cpe:2.3:a:wintercms:winter:1.0.366
-
cpe:2.3:a:wintercms:winter:1.0.367
-
cpe:2.3:a:wintercms:winter:1.0.368
-
cpe:2.3:a:wintercms:winter:1.0.369
-
cpe:2.3:a:wintercms:winter:1.0.370
-
cpe:2.3:a:wintercms:winter:1.0.371
-
cpe:2.3:a:wintercms:winter:1.0.372
-
cpe:2.3:a:wintercms:winter:1.0.373
-
cpe:2.3:a:wintercms:winter:1.0.374
-
cpe:2.3:a:wintercms:winter:1.0.375
-
cpe:2.3:a:wintercms:winter:1.0.376
-
cpe:2.3:a:wintercms:winter:1.0.377
-
cpe:2.3:a:wintercms:winter:1.0.378
-
cpe:2.3:a:wintercms:winter:1.0.379
-
cpe:2.3:a:wintercms:winter:1.0.380
-
cpe:2.3:a:wintercms:winter:1.0.381
-
cpe:2.3:a:wintercms:winter:1.0.382
-
cpe:2.3:a:wintercms:winter:1.0.383
-
cpe:2.3:a:wintercms:winter:1.0.384
-
cpe:2.3:a:wintercms:winter:1.0.385
-
cpe:2.3:a:wintercms:winter:1.0.386
-
cpe:2.3:a:wintercms:winter:1.0.387
-
cpe:2.3:a:wintercms:winter:1.0.388
-
cpe:2.3:a:wintercms:winter:1.0.389
-
cpe:2.3:a:wintercms:winter:1.0.390
-
cpe:2.3:a:wintercms:winter:1.0.391
-
cpe:2.3:a:wintercms:winter:1.0.392
-
cpe:2.3:a:wintercms:winter:1.0.393
-
cpe:2.3:a:wintercms:winter:1.0.394
-
cpe:2.3:a:wintercms:winter:1.0.395
-
cpe:2.3:a:wintercms:winter:1.0.396
-
cpe:2.3:a:wintercms:winter:1.0.397
-
cpe:2.3:a:wintercms:winter:1.0.398
-
cpe:2.3:a:wintercms:winter:1.0.399
-
cpe:2.3:a:wintercms:winter:1.0.400
-
cpe:2.3:a:wintercms:winter:1.0.401
-
cpe:2.3:a:wintercms:winter:1.0.402
-
cpe:2.3:a:wintercms:winter:1.0.403
-
cpe:2.3:a:wintercms:winter:1.0.404
-
cpe:2.3:a:wintercms:winter:1.0.405
-
cpe:2.3:a:wintercms:winter:1.0.406
-
cpe:2.3:a:wintercms:winter:1.0.407
-
cpe:2.3:a:wintercms:winter:1.0.408
-
cpe:2.3:a:wintercms:winter:1.0.409
-
cpe:2.3:a:wintercms:winter:1.0.410
-
cpe:2.3:a:wintercms:winter:1.0.411
-
cpe:2.3:a:wintercms:winter:1.0.412
-
cpe:2.3:a:wintercms:winter:1.0.413
-
cpe:2.3:a:wintercms:winter:1.0.414
-
cpe:2.3:a:wintercms:winter:1.0.415
-
cpe:2.3:a:wintercms:winter:1.0.416
-
cpe:2.3:a:wintercms:winter:1.0.417
-
cpe:2.3:a:wintercms:winter:1.0.418
-
cpe:2.3:a:wintercms:winter:1.0.419
-
cpe:2.3:a:wintercms:winter:1.0.420
-
cpe:2.3:a:wintercms:winter:1.0.421
-
cpe:2.3:a:wintercms:winter:1.0.422
-
cpe:2.3:a:wintercms:winter:1.0.423
-
cpe:2.3:a:wintercms:winter:1.0.424
-
cpe:2.3:a:wintercms:winter:1.0.425
-
cpe:2.3:a:wintercms:winter:1.0.426
-
cpe:2.3:a:wintercms:winter:1.0.427
-
cpe:2.3:a:wintercms:winter:1.0.428
-
cpe:2.3:a:wintercms:winter:1.0.429
-
cpe:2.3:a:wintercms:winter:1.0.430
-
cpe:2.3:a:wintercms:winter:1.0.431
-
cpe:2.3:a:wintercms:winter:1.0.432
-
cpe:2.3:a:wintercms:winter:1.0.433
-
cpe:2.3:a:wintercms:winter:1.0.434
-
cpe:2.3:a:wintercms:winter:1.0.435
-
cpe:2.3:a:wintercms:winter:1.0.436
-
cpe:2.3:a:wintercms:winter:1.0.437
-
cpe:2.3:a:wintercms:winter:1.0.438
-
cpe:2.3:a:wintercms:winter:1.0.439
-
cpe:2.3:a:wintercms:winter:1.0.440
-
cpe:2.3:a:wintercms:winter:1.0.441
-
cpe:2.3:a:wintercms:winter:1.0.442
-
cpe:2.3:a:wintercms:winter:1.0.443
-
cpe:2.3:a:wintercms:winter:1.0.444
-
cpe:2.3:a:wintercms:winter:1.0.445
-
cpe:2.3:a:wintercms:winter:1.0.446
-
cpe:2.3:a:wintercms:winter:1.0.447
-
cpe:2.3:a:wintercms:winter:1.0.448
-
cpe:2.3:a:wintercms:winter:1.0.449
-
cpe:2.3:a:wintercms:winter:1.0.450
-
cpe:2.3:a:wintercms:winter:1.0.451
-
cpe:2.3:a:wintercms:winter:1.0.452
-
cpe:2.3:a:wintercms:winter:1.0.453
-
cpe:2.3:a:wintercms:winter:1.0.454
-
cpe:2.3:a:wintercms:winter:1.0.455
-
cpe:2.3:a:wintercms:winter:1.0.456
-
cpe:2.3:a:wintercms:winter:1.0.457
-
cpe:2.3:a:wintercms:winter:1.0.458
-
cpe:2.3:a:wintercms:winter:1.0.459
-
cpe:2.3:a:wintercms:winter:1.0.460
-
cpe:2.3:a:wintercms:winter:1.0.461
-
cpe:2.3:a:wintercms:winter:1.0.462
-
cpe:2.3:a:wintercms:winter:1.0.463
-
cpe:2.3:a:wintercms:winter:1.0.464
-
cpe:2.3:a:wintercms:winter:1.0.465
-
cpe:2.3:a:wintercms:winter:1.0.466
-
cpe:2.3:a:wintercms:winter:1.0.467
-
cpe:2.3:a:wintercms:winter:1.0.468
-
cpe:2.3:a:wintercms:winter:1.0.469
-
cpe:2.3:a:wintercms:winter:1.0.470
-
cpe:2.3:a:wintercms:winter:1.0.471
-
cpe:2.3:a:wintercms:winter:1.0.472
-
cpe:2.3:a:wintercms:winter:1.0.473
-
cpe:2.3:a:wintercms:winter:1.0.474
-
cpe:2.3:a:wintercms:winter:1.0.475
-
cpe:2.3:a:wintercms:winter:1.1.0
-
cpe:2.3:a:wintercms:winter:1.1.1
-
cpe:2.3:a:wintercms:winter:1.1.10
-
cpe:2.3:a:wintercms:winter:1.1.2
-
cpe:2.3:a:wintercms:winter:1.1.3
-
cpe:2.3:a:wintercms:winter:1.1.4
-
cpe:2.3:a:wintercms:winter:1.1.5
-
cpe:2.3:a:wintercms:winter:1.1.6
-
cpe:2.3:a:wintercms:winter:1.1.7
-
cpe:2.3:a:wintercms:winter:1.1.8
-
cpe:2.3:a:wintercms:winter:1.1.9
-
cpe:2.3:a:wintercms:winter:1.2.0
-
cpe:2.3:a:wintercms:winter:1.2.1
-
cpe:2.3:a:wintercms:winter:1.2.2
-
cpe:2.3:a:wintercms:winter:1.2.3