CVE-2023-52084

CVSS v3 2.0 LOW

2.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

W

inter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.

References

Link	Resource
https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba	Patch
https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29	Patch Vendor Advisory
https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba	Patch
https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:39

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 2.0
References	~~() https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba - Patch~~	() https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba - Patch
References	~~() https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29 - Patch, Vendor Advisory~~	() https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29 - Patch, Vendor Advisory

Information

Published : 2023-12-28 23:15

Updated : 2024-11-21 08:39

NVD link : CVE-2023-52084

Mitre link : CVE-2023-52084

CVE.ORG link : CVE-2023-52084

JSON object : View

Products Affected

winter

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-52084", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-12-28T23:15:43.777", "references": [{"url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/wintercms/winter/commit/517f65dfae679b57575b047de13c5af48915a5ba", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/wintercms/winter/security/advisories/GHSA-43w4-4j3c-jx29", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4."}, {"lang": "es", "value": "Winter es un sistema de gesti\u00f3n de contenidos gratuito y de c\u00f3digo abierto. Antes de 1.2.4, los usuarios con acceso a formularios de backend que incluyen un FormWidget ColorPicker pueden proporcionar un valor que luego se mostrar\u00eda sin formato de escape en el formulario de backend, lo que podr\u00eda permitir un ataque XSS almacenado. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.4."}], "lastModified": "2024-11-21T08:39:08.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EE69DF4-BDE7-4A22-9947-BBD648026BA4", "versionEndExcluding": "1.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}