Low severity 2.0 · NVD Advisory · Published Dec 28, 2023 · Updated Jun 17, 2026
CVE-2023-52084
Description
Winter is a free, open-source content management system. Prior to 1.2.4, users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| winter/wn-backend-module (Packagist) | < 1.2.4 | 1.2.4 |
References
- github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba (nvd · Patch · WEB)
- github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29 (nvd · Patch · Vendor Advisory · WEB)
- github.com/advisories/GHSA-43w4-4j3c-jx29 (ghsa · ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-52084 (ghsa · ADVISORY)