Количество 2
Количество 2
CVE-2023-52084
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
GHSA-43w4-4j3c-jx29
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-52084 Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4. | CVSS3: 2 | 0% Низкий | около 2 лет назад |
| GHSA-43w4-4j3c-jx29 Winter CMS Stored XSS through Backend ColorPicker FormWidget | CVSS3: 2 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу