Vulnerabilities in wintercms
9 results

CVE-2023-52085 | LOW | Winter CMS Local File Inclusion through Server Side Template Injection | EPSS 30.2%
CVE-2023-37269 | LOW | Winter CMS vulnerable to stored XSS through privileged upload of SVG file | EPSS 1.6%
CVE-2022-39357 | HIGH | Winter vulnerable to Prototype Pollution in Snowboard framework | EPSS 1.0%
CVE-2024-32003 | HIGH | Dusk plugin may allow unfettered user authentication in misconfigured installs | EPSS 0.7%
CVE-2026-27591 | CRITICAL | Winter: Privilege escalation by authenticated backend users | EPSS 0.5%
CVE-2024-54149 | HIGH | Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion | EPSS 0.4%
CVE-2023-52083 | LOW | Stored XSS through privileged upload of Media Manager file followed by renaming | EPSS 0.3%
CVE-2023-52084 | LOW | Winter CMS Stored XSS through Backend ColorPicker FormWidget | EPSS 0.3%
CVE-2026-22254 | NONE | Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager | EPSS 0.3%