CVE-2025-66686

A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...

CVE-2025-66686

The CVE describes a stored Cross-Site Scripting (XSS) flaw in Perch CMS version 3.2. An attacker with administrative privileges can inject malicious JavaScript into the “Help button url” in the admin panel; the payload is stored and executes when any authenticated user clicks the Help button. Imp...

CVE-2023-53889 Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload

Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...

CVE-2017-15948

Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...

Perch Content Management System Arbitrary File Upload Vulnerability

Perch Content Management System is a content management system for small websites. An arbitrary file upload vulnerability exists in Perch Content Management System version 3.0.3. The vulnerability can be exploited to upload arbitrary files to the web server system via the Asset Title and Select...

CVE-2017-15948

Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...