CVE-2023-52083

Name of the Vulnerable Software and Affected Versions Winter CMS versions prior to 1.2.4

Description The issue allows users with the media.manage media permission to upload files to the Media Manager and rename them after uploading, potentially leading to a stored XSS attack. This is because media manager files were only sanitized on upload, not on renaming. The severity of this issue is considered low, as an attacker would already need to have trusted permissions in the Winter CMS backend and would need to convince the victim to directly visit the URL of the maliciously uploaded SVG. Additionally, the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN.

Recommendations For versions prior to 1.2.4, update to version 1.2.4 to ensure the system remains secure. As a temporary workaround for users unable to upgrade to v1.2.4, apply the patches manually from https://github.com/wintercms/winter/commit/2969daeea8dee64d292dbaa3778ea251e2a7e491.