Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Winter CMS

Building a simple CMS platform and ecosystem to make development enjoyable.
Collective - Host: opensource - https://opencollective.com/wintercms - Website: https://wintercms.com - Code: https://github.com/wintercms

High

wn-dusk-plugin: GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A

Dusk plugin may allow unfettered user authentication in misconfigured installs
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: github
Published: 6 months ago

Low

winter: GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je

Winter CMS Local File Inclusion through Server Side Template Injection
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: github
Published: 10 months ago

Low

winter: GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN

Winter CMS Stored XSS through Backend ColorPicker FormWidget
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: github
Published: 10 months ago

Low

winter: GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM

Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Ecosystems: packagist
Packages: winter/wn-system-module
Source: github
Published: 10 months ago

Low

winter: GSA_kwCzR0hTQS13ancyLTRqN2otNmdjM84AA0fu

Winter CMS stored XSS through privileged upload of SVG file
Ecosystems: packagist
Packages: wintercms/winter
Source: github
Published: over 1 year ago

High

winter: GSA_kwCzR0hTQS0zZmg1LXE2ZmctdzI4cc4AAvj1

Prototype pollution in Snowboard framework
Ecosystems: packagist
Packages: wintercms/winter
Source: github
Published: almost 2 years ago

Moderate

winter: GSA_kwCzR0hTQS1xMzdoLWpoZjMtODVjas4AAtaC

Bypass of CMS Safe Mode Security Feature
Ecosystems: packagist
Packages: wintercms/winter
Source: github
Published: over 2 years ago