-
-
Notifications
You must be signed in to change notification settings - Fork 194
Security: wintercms/winter
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Local File Inclusion through Server Side Template Injection via LESS compilation of values provided to the Backend ColorPicker FormWidgetGHSA-2x7r-93ww-cxrq published
Dec 28, 2023 by LukeTowersLow -
Stored XSS through Backend ColorPicker FormWidgetGHSA-43w4-4j3c-jx29 published
Dec 28, 2023 by LukeTowersLow -
Stored XSS through privileged upload of Media Manager file followed by renamingGHSA-4wvw-75qh-fqjp published
Dec 28, 2023 by LukeTowersLow -
Stored XSS through privileged upload of SVG fileGHSA-wjw2-4j7j-6gc3 published
Jul 7, 2023 by LukeTowersLow -
Prototype pollution in Snowboard frameworkGHSA-3fh5-q6fg-w28q published
Oct 26, 2022 by bennothommoLow -
Bypass of CMS Safe Mode Security FeatureGHSA-q37h-jhf3-85cj published
Jul 15, 2022 by LukeTowersModerate