wintercms/winter Security Advisories for v1.1.8 (4)
-
[HIGH] Winter CMS Server-Side Template Injection (SSTI) vulnerability
PKSA-8f2z-f7m8-2xxr CVE-2024-29686 GHSA-8r5j-gm3j-cx9c
Affected version: <=1.2.3
Reported by:
GitHub -
[LOW] Winter CMS stored XSS through privileged upload of SVG file
PKSA-ysj2-6nmd-36qh CVE-2023-37269 GHSA-wjw2-4j7j-6gc3
Affected version: <1.2.3
Reported by:
GitHub -
[HIGH] Prototype pollution in Snowboard framework
PKSA-ptqm-3112-nnkg CVE-2022-39357 GHSA-3fh5-q6fg-w28q
Affected version: >=1.2.0,<1.2.1|>=1.1.8,<1.1.10
Reported by:
GitHub -
[MEDIUM] Bypass of CMS Safe Mode Security Feature
PKSA-9yvg-cg4g-vyyr GHSA-q37h-jhf3-85cj
Affected version: >=1.1.0,<1.1.9|<1.0.475
Reported by:
GitHub