3 matches found
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2023-53889 Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
PT-2025-51308
Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2 Description The application allows authenticated users to upload malicious SVG files containing embedded JavaScript. An attacker can craft SVG files with script tags that execute when the file is viewed, potentially leadi...