Packagist (Composer) package
winter/wn-cms-module
pkg:composer/winter/wn-cms-module
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22254 | — | < 1.2.10 | 1.2.10 | Feb 6, 2026 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue | ||
| CVE-2024-54149 | — | >= 1.2.0, < 1.2.7 | 1.2.7 | Dec 9, 2024 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and mo |
- CVE-2026-22254Feb 6, 2026affected < 1.2.10fixed 1.2.10
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue
- CVE-2024-54149Dec 9, 2024affected >= 1.2.0, < 1.2.7fixed 1.2.7
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and mo