Search criteria
14 vulnerabilities found for winter by wintercms
CVE-2024-54149 (GCVE-0-2024-54149)
Vulnerability from nvd – Published: 2024-12-09 20:54 – Updated: 2024-12-10 17:13
VLAI?
Title
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Summary
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. As all objects passed through to Twig are references to the live objects, it is also possible to also manipulate model data if models are passed directly to Twig, including changing attributes or even removing records entirely. In most cases, this is unwanted behavior and potentially dangerous. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any of the following permissions: `cms.manage_layouts`; `cms.manage_pages`; or `cms.manage_partials`. The Winter CMS maintainers strongly recommend that these permissions only be reserved to trusted administrators and developers in general. The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in versions 1.2.7, 1.1.11, and 1.0.476. Thse who cannot upgrade may apply commit fb88e6fabde3b3278ce1844e581c87dcf7daee22 to their Winter CMS installation manually to resolve the issue. In the rare event that a Winter user was relying on being able to write to models/datasources within their Twig templates, they should instead use or create components to make changes to their models.
Severity ?
8.5 (High)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T16:11:07.059128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T17:13:11.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.7"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.1.11"
},
{
"status": "affected",
"version": "\u003c 1.0.476"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. As all objects passed through to Twig are references to the live objects, it is also possible to also manipulate model data if models are passed directly to Twig, including changing attributes or even removing records entirely. In most cases, this is unwanted behavior and potentially dangerous. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any of the following permissions: `cms.manage_layouts`; `cms.manage_pages`; or `cms.manage_partials`. The Winter CMS maintainers strongly recommend that these permissions only be reserved to trusted administrators and developers in general. The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in versions 1.2.7, 1.1.11, and 1.0.476. Thse who cannot upgrade may apply commit fb88e6fabde3b3278ce1844e581c87dcf7daee22 to their Winter CMS installation manually to resolve the issue. In the rare event that a Winter user was relying on being able to write to models/datasources within their Twig templates, they should instead use or create components to make changes to their models."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T20:54:41.797Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-xhw3-4j3m-hq53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-xhw3-4j3m-hq53"
},
{
"name": "https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22"
}
],
"source": {
"advisory": "GHSA-xhw3-4j3m-hq53",
"discovery": "UNKNOWN"
},
"title": "Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-54149",
"datePublished": "2024-12-09T20:54:41.797Z",
"dateReserved": "2024-11-29T18:02:16.756Z",
"dateUpdated": "2024-12-10T17:13:11.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29686 (GCVE-0-2024-29686)
Vulnerability from nvd – Published: 2024-03-29 00:00 – Updated: 2024-08-23 13:55 Disputed
VLAI?
Summary
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wintercms:winter:1.2.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29686",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T13:55:31.249487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-97",
"description": "CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:55:48.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/51893"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779"
},
{
"tags": [
"x_transferred"
],
"url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-01T00:52:53.676560",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51893"
},
{
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779"
},
{
"url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29686",
"datePublished": "2024-03-29T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-23T13:55:48.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52085 (GCVE-0-2023-52085)
Vulnerability from nvd – Published: 2023-12-29 00:00 – Updated: 2024-08-02 22:48
VLAI?
Title
Winter CMS Local File Inclusion through Server Side Template Injection
Summary
Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq"
},
{
"name": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:00:03.968Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq"
},
{
"name": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd"
}
],
"source": {
"advisory": "GHSA-2x7r-93ww-cxrq",
"discovery": "UNKNOWN"
},
"title": "Winter CMS Local File Inclusion through Server Side Template Injection "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-52085",
"datePublished": "2023-12-29T00:00:03.968Z",
"dateReserved": "2023-12-26T17:23:22.236Z",
"dateUpdated": "2024-08-02T22:48:12.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52084 (GCVE-0-2023-52084)
Vulnerability from nvd – Published: 2023-12-28 22:15 – Updated: 2025-04-17 20:27
VLAI?
Title
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Summary
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"
},
{
"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T15:50:20.364956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T20:27:13.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:15:59.952Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"
},
{
"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"
}
],
"source": {
"advisory": "GHSA-43w4-4j3c-jx29",
"discovery": "UNKNOWN"
},
"title": "Winter CMS Stored XSS through Backend ColorPicker FormWidget"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-52084",
"datePublished": "2023-12-28T22:15:59.952Z",
"dateReserved": "2023-12-26T17:23:22.236Z",
"dateUpdated": "2025-04-17T20:27:13.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52083 (GCVE-0-2023-52083)
Vulnerability from nvd – Published: 2023-12-28 22:11 – Updated: 2024-08-02 22:48
VLAI?
Title
Stored XSS through privileged upload of Media Manager file followed by renaming
Summary
Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp"
},
{
"name": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:11:55.494Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp"
},
{
"name": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491"
}
],
"source": {
"advisory": "GHSA-4wvw-75qh-fqjp",
"discovery": "UNKNOWN"
},
"title": "Stored XSS through privileged upload of Media Manager file followed by renaming"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-52083",
"datePublished": "2023-12-28T22:11:55.494Z",
"dateReserved": "2023-12-26T17:23:22.236Z",
"dateUpdated": "2024-08-02T22:48:12.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37269 (GCVE-0-2023-37269)
Vulnerability from nvd – Published: 2023-07-07 21:19 – Updated: 2025-02-13 16:56
VLAI?
Title
Winter CMS vulnerable to stored XSS through privileged upload of SVG file
Summary
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3"
},
{
"name": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be"
},
{
"name": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c"
},
{
"name": "https://github.com/wintercms/winter/releases/tag/v1.2.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173520/WinterCMS-1.2.2-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T16:06:15.709Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3"
},
{
"name": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be"
},
{
"name": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c"
},
{
"name": "https://github.com/wintercms/winter/releases/tag/v1.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.3"
},
{
"url": "http://packetstormsecurity.com/files/173520/WinterCMS-1.2.2-Cross-Site-Scripting.html"
}
],
"source": {
"advisory": "GHSA-wjw2-4j7j-6gc3",
"discovery": "UNKNOWN"
},
"title": "Winter CMS vulnerable to stored XSS through privileged upload of SVG file"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37269",
"datePublished": "2023-07-07T21:19:38.971Z",
"dateReserved": "2023-06-29T19:35:26.438Z",
"dateUpdated": "2025-02-13T16:56:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39357 (GCVE-0-2022-39357)
Vulnerability from nvd – Published: 2022-10-26 00:00 – Updated: 2025-04-23 16:43
VLAI?
Title
Winter vulnerable to Prototype Pollution in Snowboard framework
Summary
Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.
Severity ?
8.1 (High)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.1.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:47:25.512688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:43:01.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.8, \u003c 1.1.10"
},
{
"status": "affected",
"version": "= 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q"
},
{
"url": "https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1"
},
{
"url": "https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f"
},
{
"url": "https://github.com/wintercms/winter/releases/tag/v1.1.10"
},
{
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.1"
}
],
"source": {
"advisory": "GHSA-3fh5-q6fg-w28q",
"discovery": "UNKNOWN"
},
"title": "Winter vulnerable to Prototype Pollution in Snowboard framework"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39357",
"datePublished": "2022-10-26T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:43:01.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54149 (GCVE-0-2024-54149)
Vulnerability from cvelistv5 – Published: 2024-12-09 20:54 – Updated: 2024-12-10 17:13
VLAI?
Title
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Summary
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. As all objects passed through to Twig are references to the live objects, it is also possible to also manipulate model data if models are passed directly to Twig, including changing attributes or even removing records entirely. In most cases, this is unwanted behavior and potentially dangerous. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any of the following permissions: `cms.manage_layouts`; `cms.manage_pages`; or `cms.manage_partials`. The Winter CMS maintainers strongly recommend that these permissions only be reserved to trusted administrators and developers in general. The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in versions 1.2.7, 1.1.11, and 1.0.476. Thse who cannot upgrade may apply commit fb88e6fabde3b3278ce1844e581c87dcf7daee22 to their Winter CMS installation manually to resolve the issue. In the rare event that a Winter user was relying on being able to write to models/datasources within their Twig templates, they should instead use or create components to make changes to their models.
Severity ?
8.5 (High)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T16:11:07.059128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T17:13:11.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.7"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.1.11"
},
{
"status": "affected",
"version": "\u003c 1.0.476"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. As all objects passed through to Twig are references to the live objects, it is also possible to also manipulate model data if models are passed directly to Twig, including changing attributes or even removing records entirely. In most cases, this is unwanted behavior and potentially dangerous. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any of the following permissions: `cms.manage_layouts`; `cms.manage_pages`; or `cms.manage_partials`. The Winter CMS maintainers strongly recommend that these permissions only be reserved to trusted administrators and developers in general. The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in versions 1.2.7, 1.1.11, and 1.0.476. Thse who cannot upgrade may apply commit fb88e6fabde3b3278ce1844e581c87dcf7daee22 to their Winter CMS installation manually to resolve the issue. In the rare event that a Winter user was relying on being able to write to models/datasources within their Twig templates, they should instead use or create components to make changes to their models."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T20:54:41.797Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-xhw3-4j3m-hq53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-xhw3-4j3m-hq53"
},
{
"name": "https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22"
}
],
"source": {
"advisory": "GHSA-xhw3-4j3m-hq53",
"discovery": "UNKNOWN"
},
"title": "Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-54149",
"datePublished": "2024-12-09T20:54:41.797Z",
"dateReserved": "2024-11-29T18:02:16.756Z",
"dateUpdated": "2024-12-10T17:13:11.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29686 (GCVE-0-2024-29686)
Vulnerability from cvelistv5 – Published: 2024-03-29 00:00 – Updated: 2024-08-23 13:55 Disputed
VLAI?
Summary
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wintercms:winter:1.2.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29686",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T13:55:31.249487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-97",
"description": "CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T13:55:48.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/51893"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779"
},
{
"tags": [
"x_transferred"
],
"url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-01T00:52:53.676560",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51893"
},
{
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779"
},
{
"url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29686",
"datePublished": "2024-03-29T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-23T13:55:48.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52085 (GCVE-0-2023-52085)
Vulnerability from cvelistv5 – Published: 2023-12-29 00:00 – Updated: 2024-08-02 22:48
VLAI?
Title
Winter CMS Local File Inclusion through Server Side Template Injection
Summary
Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq"
},
{
"name": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T00:00:03.968Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq"
},
{
"name": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/5bc9257fe2bc47d8b786a1b1bf96bafad23d8ddd"
}
],
"source": {
"advisory": "GHSA-2x7r-93ww-cxrq",
"discovery": "UNKNOWN"
},
"title": "Winter CMS Local File Inclusion through Server Side Template Injection "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-52085",
"datePublished": "2023-12-29T00:00:03.968Z",
"dateReserved": "2023-12-26T17:23:22.236Z",
"dateUpdated": "2024-08-02T22:48:12.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52084 (GCVE-0-2023-52084)
Vulnerability from cvelistv5 – Published: 2023-12-28 22:15 – Updated: 2025-04-17 20:27
VLAI?
Title
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Summary
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"
},
{
"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T15:50:20.364956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T20:27:13.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:15:59.952Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29"
},
{
"name": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba"
}
],
"source": {
"advisory": "GHSA-43w4-4j3c-jx29",
"discovery": "UNKNOWN"
},
"title": "Winter CMS Stored XSS through Backend ColorPicker FormWidget"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-52084",
"datePublished": "2023-12-28T22:15:59.952Z",
"dateReserved": "2023-12-26T17:23:22.236Z",
"dateUpdated": "2025-04-17T20:27:13.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52083 (GCVE-0-2023-52083)
Vulnerability from cvelistv5 – Published: 2023-12-28 22:11 – Updated: 2024-08-02 22:48
VLAI?
Title
Stored XSS through privileged upload of Media Manager file followed by renaming
Summary
Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp"
},
{
"name": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:11:55.494Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-4wvw-75qh-fqjp"
},
{
"name": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491"
}
],
"source": {
"advisory": "GHSA-4wvw-75qh-fqjp",
"discovery": "UNKNOWN"
},
"title": "Stored XSS through privileged upload of Media Manager file followed by renaming"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-52083",
"datePublished": "2023-12-28T22:11:55.494Z",
"dateReserved": "2023-12-26T17:23:22.236Z",
"dateUpdated": "2024-08-02T22:48:12.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37269 (GCVE-0-2023-37269)
Vulnerability from cvelistv5 – Published: 2023-07-07 21:19 – Updated: 2025-02-13 16:56
VLAI?
Title
Winter CMS vulnerable to stored XSS through privileged upload of SVG file
Summary
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3"
},
{
"name": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be"
},
{
"name": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c"
},
{
"name": "https://github.com/wintercms/winter/releases/tag/v1.2.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173520/WinterCMS-1.2.2-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T16:06:15.709Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3"
},
{
"name": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be"
},
{
"name": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c"
},
{
"name": "https://github.com/wintercms/winter/releases/tag/v1.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.3"
},
{
"url": "http://packetstormsecurity.com/files/173520/WinterCMS-1.2.2-Cross-Site-Scripting.html"
}
],
"source": {
"advisory": "GHSA-wjw2-4j7j-6gc3",
"discovery": "UNKNOWN"
},
"title": "Winter CMS vulnerable to stored XSS through privileged upload of SVG file"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37269",
"datePublished": "2023-07-07T21:19:38.971Z",
"dateReserved": "2023-06-29T19:35:26.438Z",
"dateUpdated": "2025-02-13T16:56:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39357 (GCVE-0-2022-39357)
Vulnerability from cvelistv5 – Published: 2022-10-26 00:00 – Updated: 2025-04-23 16:43
VLAI?
Title
Winter vulnerable to Prototype Pollution in Snowboard framework
Summary
Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.
Severity ?
8.1 (High)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.1.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:47:25.512688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:43:01.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "winter",
"vendor": "wintercms",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.8, \u003c 1.1.10"
},
{
"status": "affected",
"version": "= 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q"
},
{
"url": "https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1"
},
{
"url": "https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f"
},
{
"url": "https://github.com/wintercms/winter/releases/tag/v1.1.10"
},
{
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.1"
}
],
"source": {
"advisory": "GHSA-3fh5-q6fg-w28q",
"discovery": "UNKNOWN"
},
"title": "Winter vulnerable to Prototype Pollution in Snowboard framework"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39357",
"datePublished": "2022-10-26T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:43:01.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}