CVSS 3.1 Score 5.4 of 10 (medium)


Published Dec 28, 2023
Updated: Jan 5, 2024


CVE-2023-52084 is a vulnerability found in the Winter content management system prior to version 1.2.4. It affects multiple products, including oj3pL0, oj3pL1, oj3pL2, and others. The vulnerability allows users with backend form access to inject malicious code through a ColorPicker FormWidget, potentially leading to a stored cross-site scripting (XSS) attack. The issue has been patched in version 1.2.4 of Winter CMS. The vulnerability has a risk score of 25 and is classified as medium severity.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-52084 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options