Low severity2.0NVD Advisory· Published Dec 28, 2023· Updated Jun 17, 2026
CVE-2023-52083
CVE-2023-52083
Description
Winter is a free, open-source content management system. Prior to 1.2.4, users with the media.manage_media permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
winter/wn-system-modulePackagist | < 1.2.4 | 1.2.4 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491nvdPatchWEB
- github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjpnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-4wvw-75qh-fqjpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-52083ghsaADVISORY
News mentions
0No linked articles in our index yet.