## https://sploitus.com/exploit?id=PACKETSTORM:176104
# Exploit Title: Stored XSS in WinterCMS 1.2.3 Plugin Components
# Date: 12/7/2023
# Exploit Author: tmrswrr
# Vendor Homepage: https://wintercms.com/
# Software Link: https://github.com/wintercms/winter
# Version: 1.2.3
# Tested on: debian 9
PoC
1. Access the WinterCMS backend at http://localhost/backend/cms.
2. Navigate to the Plugin Components section.
3. In the Markup Code input field, insert the following payload:
"<sVg/onLy=1 onLoaD=confirm(1)//".
4. Save the input and click on the "Preview" button.
5. The injected script executes, demonstrating the XSS vulnerability.