37 matches found
CVE-2025-66686
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-66686
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
Perch CMS Security Vulnerability
Perch CMS is a content management system from Perch. A security vulnerability exists in Perch CMS version 3.2, stemming from a stored cross-site scripting flaw in the Help button url setting in the admin panel, which could lead to session hijacking, information disclosure, elevation of privilege, or...
CVE-2025-66686
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-66686
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2023-53889
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
CVE-2023-53890
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...
CVE-2023-53890
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...
CVE-2023-53889
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
CVE-2023-53889
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
CVE-2023-53890
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...
CVE-2023-53889 Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...
CVE-2023-53889
Perch CMS 3.2 is affected by a remote code execution through an unrestricted file upload in the assets management interface. Authenticated administrators can upload arbitrary PHP files (e.g., a .phar with embedded system command execution) to run commands on the server. Root cause: improper valid...
CVE-2023-53890
CVE-2023-53890 is associated with Perch CMS 3.2 and involves a stored cross-site scripting vulnerability where authenticated users can upload SVG files containing embedded JavaScript. The underlying issue is that crafted SVGs with script tags can execute when viewed, enabling client-side attacks ...
CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...
Perch CMS Security Vulnerability
Perch CMS is a content management system from Perch. A security vulnerability exists in Perch CMS version 3.2 that stems from allowing authenticated administrators to upload arbitrary PHP files through the asset management interface, which could lead to remote code execution...
Perch CMS Security Vulnerability
Perch CMS is a content management system from Perch, Inc. A security vulnerability exists in Perch CMS version 3.2 that stems from allowing authenticated users to upload malicious SVG files with embedded JavaScript, potentially leading to a stored cross-site scripting attack...
PT-2025-51307
Name of the Vulnerable Software and Affected Versions: Perch CMS version 3.2. Description: Perch CMS version 3.2 has a remote code execution issue. Authenticated administrators can upload arbitrary PHP files through the assets management interface. An attacker can upload a malicious .phar file...
PT-2025-51308
Name of the Vulnerable Software and Affected Versions: Perch CMS version 3.2. Description: The application allows authenticated users to upload malicious SVG files containing embedded JavaScript. An attacker can craft SVG files with script tags that execute when the file is viewed, potentially leadi...