VYPR
Low severity2.0NVD Advisory· Published Dec 28, 2023· Updated Jun 17, 2026

CVE-2023-52083

CVE-2023-52083

Description

Winter is a free, open-source content management system. Prior to 1.2.4, users with the media.manage_media permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
winter/wn-system-modulePackagist
< 1.2.41.2.4

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.