[HIGH] Winter CMS Server-Side Template Injection (SSTI) vulnerability

PKSA-8f2z-f7m8-2xxr CVE-2024-29686 GHSA-8r5j-gm3j-cx9c

Affected version: <=1.2.3

Reported by:
GitHub

[LOW] Winter CMS stored XSS through privileged upload of SVG file

PKSA-ysj2-6nmd-36qh CVE-2023-37269 GHSA-wjw2-4j7j-6gc3

Affected version: <1.2.3

Reported by:
GitHub