All 8 known CVEs affecting Winter, with AI-generated Chinese analysis, references, and PoCs where available.
Vendor: wintercms

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-27591 | Winter: Privilege escalation by authenticated backend users | CWE-284 | 10.0 | Critical | 2026-03-11 |
| CVE-2026-22254 | Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager | CWE-79 | - | - | 2026-02-06 |
| CVE-2024-54149 | Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion | CWE-184 | 8.5 | High | 2024-12-09 |
| CVE-2023-52085 | Winter CMS Local File Inclusion through Server Side Template Injection | CWE-22 | 3.3 | Low | 2023-12-29 |
| CVE-2023-52084 | Winter CMS Stored XSS through Backend ColorPicker FormWidget | CWE-79 | 2.0 | Low | 2023-12-28 |
| CVE-2023-52083 | Stored XSS through privileged upload of Media Manager file followed by renaming | CWE-79 | 2.0 | Low | 2023-12-28 |
| CVE-2023-37269 | Winter CMS vulnerable to stored XSS through privileged upload of SVG file | CWE-79 | 2.0 | Low | 2023-07-07 |
| CVE-2022-39357 | Winter vulnerable to Prototype Pollution in Snowboard framework | CWE-1321 | 8.1 | High | 2022-10-26 |