WinterCMS 1.2.3 Cross Site Scripting
WinterCMS version 1.2.3 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Stored XSS in WinterCMS 1.2.3 Plugin Components
# Date: 12/7/2023
# Exploit Author: tmrswrr
# Vendor Homepage: https://wintercms.com/
# Software Link: https://github.com/wintercms/winter
# Version: 1.2.3
# Tested on: debian 9

PoC

1. Access the WinterCMS backend at http://localhost/backend/cms.
2. Navigate to the Plugin Components section.
3. In the Markup Code input field, insert the following payload: "<sVg/onLy=1 onLoaD=confirm(1)//".
4. Save the input and click on the "Preview" button.
5. The injected script executes, demonstrating the XSS vulnerability.
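
For reviewing stored Markup Code, the check below (an added example, not part of the original advisory or of WinterCMS) reports inline event-handler attributes written the way the PoC string writes them: mixed-case names, "/" in place of whitespace, and no closing ">". The function names and the benign sample are assumptions made for this example.

```python
import re

# Sample inputs: POC_PAYLOAD is the string from step 3 of the PoC;
# BENIGN is constructed for this example.
POC_PAYLOAD = '<sVg/onLy=1 onLoaD=confirm(1)//'
BENIGN = '<a href="/docs" title="turn onclick=off">docs</a>'

# A tag opener and everything up to the next ">" or end of input, so an
# unterminated tag such as the PoC string is still inspected.
TAG_RE = re.compile(r"<([A-Za-z][^\s/>]*)((?:\"[^\"]*\"|'[^']*'|[^>\"'])*)")

# One attribute. HTML treats "/" between attributes like whitespace, and
# quoted values are consumed whole so text inside them is never read as a name.
ATTR_RE = re.compile(
    r"[\s/]*([^\s/>=\"']+)(?:\s*=\s*(\"[^\"]*\"|'[^']*'|[^\s>]*))?"
)


def find_event_handlers(markup):
    """Return (tag, attribute) pairs, lower-cased, for every on* attribute.

    Conservative by design: any attribute name starting with "on" is
    reported, so the PoC's onLy=1 is listed alongside onLoaD.
    """
    hits = []
    for tag in TAG_RE.finditer(markup):
        for attr in ATTR_RE.finditer(tag.group(2)):
            name = attr.group(1).lower()
            if name.startswith("on"):
                hits.append((tag.group(1).lower(), name))
    return hits


def naive_check(markup):
    """Case-sensitive substring filter, shown only for comparison."""
    return "<script" in markup or " onload=" in markup


if __name__ == "__main__":
    for sample in (POC_PAYLOAD, BENIGN):
        print(repr(sample), find_event_handlers(sample), naive_check(sample))
```

The substring filter returns False for the PoC string, while the attribute-level check reports both on* attributes on the svg tag and nothing for the benign link.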