[LOW] Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager

PKSA-dsmp-sffr-jt46 CVE-2026-22254 GHSA-m7gw-rffq-rxjm

Affected version: <=1.2.9

Reported by:
GitHub