Package details: pkg:composer/wintercms/winter@1.2.3
purl pkg:composer/wintercms/winter@1.2.3
Next non-vulnerable version 1.2.4
Latest non-vulnerable version 1.2.4
Risk 4.0
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-82x1-84ph-s7g8 (Aliases: CVE-2023-52085, GHSA-2x7r-93ww-cxrq) | Winter CMS Local File Inclusion through Server Side Template Injection | 1.2.4 (affected by 0 other vulnerabilities) |
| VCID-9wag-1v6a-hbh2 (Aliases: CVE-2023-52083, GHSA-4wvw-75qh-fqjp) | Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming | 1.2.4 (affected by 0 other vulnerabilities) |
| VCID-sbbp-tuwk-aba9 (Aliases: CVE-2024-29686, GHSA-8r5j-gm3j-cx9c) | Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them. | 1.2.4 (affected by 0 other vulnerabilities) |
| VCID-sjjh-efgd-57bd (Aliases: CVE-2023-52084, GHSA-43w4-4j3c-jx29) | Winter is a free, open-source content management system. Prior to 1.2.4, users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4. | 1.2.4 (affected by 0 other vulnerabilities) |

Vulnerabilities fixed by this package (1)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-zjcj-3jq6-eqfy | | CVE-2023-37269, GHSA-wjw2-4j7j-6gc3 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T06:26:27.569901+00:00 | GHSA Importer | Fixing | VCID-zjcj-3jq6-eqfy | https://github.com/advisories/GHSA-wjw2-4j7j-6gc3 | 38.6.0 |
| 2026-06-12T19:15:46.401770+00:00 | GitLab Importer | Affected by | VCID-82x1-84ph-s7g8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/wintercms/winter/CVE-2023-52085.yml | 38.6.0 |
| 2026-06-12T19:15:38.069891+00:00 | GitLab Importer | Affected by | VCID-sjjh-efgd-57bd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/wintercms/winter/CVE-2023-52084.yml | 38.6.0 |
| 2026-06-12T19:15:36.609793+00:00 | GitLab Importer | Affected by | VCID-9wag-1v6a-hbh2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/wintercms/winter/CVE-2023-52083.yml | 38.6.0 |
| 2026-06-12T15:48:24.325019+00:00 | GitLab Importer | Affected by | VCID-sbbp-tuwk-aba9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/wintercms/winter/CVE-2024-29686.yml | 38.6.0 |
| 2026-06-12T15:46:34.250106+00:00 | GitLab Importer | Fixing | VCID-zjcj-3jq6-eqfy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/wintercms/winter/CVE-2023-37269.yml | 38.6.0 |
| 2026-06-12T07:59:40.201324+00:00 | GithubOSV Importer | Fixing | VCID-zjcj-3jq6-eqfy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-wjw2-4j7j-6gc3/GHSA-wjw2-4j7j-6gc3.json | 38.6.0 |
| 2026-06-11T20:34:19.826684+00:00 | GHSA Importer | Affected by | VCID-sbbp-tuwk-aba9 | https://github.com/advisories/GHSA-8r5j-gm3j-cx9c | 38.6.0 |