CVE-2023-52083
published 2023-12-28CVE-2023-52083: Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager…
PriorityP422medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.31%
22.8th percentile
Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| winter | wn-system-module | >= 0 < 1.2.4 | 1.2.4 |
| wintercms | winter | < 1.2.4 | 1.2.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
osv·2023-12-28
CVE-2023-52083 [LOW] Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
### Impact
Users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack.
Although this was a security issue, it's important to note that its severity is low. To exploit the vulnerability, an attacker would already need to have trusted permissions in the Winter CMS backend. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would h
GHSA
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
ghsa·2023-12-28
CVE-2023-52083 [LOW] CWE-79 Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
### Impact
Users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack.
Although this was a security issue, it's important to note that its severity is low. To exploit the vulnerability, an attacker would already need to have trusted permissions in the Winter CMS backend. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would h
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjphttps://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp
2023-12-28
Published