Security Advisory

CVE-2023-52085

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-29 00:00:03

Last updated 2024-08-02 22:48:12

Assigner GitHub_M

State PUBLISHED

Description

Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.

← Browse all CVEs View on cve.org ↗