wintercms/winter Security Advisories for v1.0.368 (3)
-
[HIGH] Winter CMS Server-Side Template Injection (SSTI) vulnerability
PKSA-8f2z-f7m8-2xxr CVE-2024-29686 GHSA-8r5j-gm3j-cx9c
Affected version: <=1.2.3
Reported by:
GitHub -
[LOW] Winter CMS stored XSS through privileged upload of SVG file
PKSA-ysj2-6nmd-36qh CVE-2023-37269 GHSA-wjw2-4j7j-6gc3
Affected version: <1.2.3
Reported by:
GitHub -
[MEDIUM] Bypass of CMS Safe Mode Security Feature
PKSA-9yvg-cg4g-vyyr GHSA-q37h-jhf3-85cj
Affected version: >=1.1.0,<1.1.9|<1.0.475
Reported by:
GitHub