4 matches found
CVE-2017-15948
Perch Content Management System 3.0.3 is affected by an unrestricted file upload vulnerability (Asset Title with Select File) that can yield XSS under a Limited Admin account. Connected sources confirm Perch 3.0.3 and the upload weakness; no remediation details are provided in the supplied docume...
CVE-2025-66686
The CVE describes a stored Cross-Site Scripting (XSS) flaw in Perch CMS version 3.2. An attacker with administrative privileges can inject malicious JavaScript into the “Help button url” in the admin panel; the payload is stored and executes when any authenticated user clicks the Help button. Imp...
CVE-2023-53890
CVE-2023-53890 is associated with Perch CMS 3.2 and involves a stored cross-site scripting vulnerability where authenticated users can upload SVG files containing embedded JavaScript. The underlying issue is that crafted SVGs with script tags can execute when viewed, enabling client-side attacks ...
CVE-2023-53889
Perch CMS 3.2 is affected by a remote code execution through an unrestricted file upload in the assets management interface. Authenticated administrators can upload arbitrary PHP files (e.g., a .phar with embedded system command execution) to run commands on the server. Root cause: improper valid...