CVE-2023-52084

Summary

CVE-2023-52084 is a stored XSS vulnerability affecting the Winter CMS, a free and open-source content management system. Prior to version 1.2.4, the platform's ColorPicker FormWidget did not properly escape user input in the backend forms. An attacker with access to these forms could inject malicious code, which would then be rendered unescaped upon submission. This issue allows for a stored XSS attack, but has been mitigated with the release of version 1.2.4.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.