CVE-2023-52084
published 2023-12-28CVE-2023-52084: Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a…
PriorityP425medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.31%
22.5th percentile
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| winter | wn-backend-module | >= 0 < 1.2.4 | 1.2.4 |
| wintercms | winter | < 1.2.4 | 1.2.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Winter CMS Stored XSS through Backend ColorPicker FormWidget
ghsa·2023-12-28
CVE-2023-52084 [LOW] CWE-79 Winter CMS Stored XSS through Backend ColorPicker FormWidget
Winter CMS Stored XSS through Backend ColorPicker FormWidget
### Impact
Users with access to backend forms that include a [ColorPicker FormWidget](https://wintercms.com/docs/v1.2/docs/backend/forms#color-picker) can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack.
By default, only the Brand Settings (`backend.manage_branding`) and Mail Brand Settings (`system.manage_mail_templates`) forms include the `colorpicker` formwidget, however it is also common for theme's to include it on their Theme Customization (`cms.manage_theme_options`) form.
Although this was a security issue, it's important to note that its severity is relatively low. To exploit the vulnerability, an attacker would already need to have trusted access
OSV
Winter CMS Stored XSS through Backend ColorPicker FormWidget
osv·2023-12-28
CVE-2023-52084 [LOW] Winter CMS Stored XSS through Backend ColorPicker FormWidget
Winter CMS Stored XSS through Backend ColorPicker FormWidget
### Impact
Users with access to backend forms that include a [ColorPicker FormWidget](https://wintercms.com/docs/v1.2/docs/backend/forms#color-picker) can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack.
By default, only the Brand Settings (`backend.manage_branding`) and Mail Brand Settings (`system.manage_mail_templates`) forms include the `colorpicker` formwidget, however it is also common for theme's to include it on their Theme Customization (`cms.manage_theme_options`) form.
Although this was a security issue, it's important to note that its severity is relatively low. To exploit the vulnerability, an attacker would already need to have trusted access
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5bahttps://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5bahttps://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29
2023-12-28
Published