Lucene search
+L
GrabaperchPerch

4 matches found

cve
cve
added 2017/10/28 12:0 a.m.66 views

CVE-2017-15948

Perch Content Management System 3.0.3 is affected by an unrestricted file upload vulnerability (Asset Title with Select File) that can yield XSS under a Limited Admin account. Connected sources confirm Perch 3.0.3 and the upload weakness; no remediation details are provided in the supplied docume...

4.8CVSS5.1AI score0.00589EPSS
Web
cve
cve
added 2026/01/07 12:0 a.m.19 views

CVE-2025-66686

The CVE describes a stored Cross-Site Scripting (XSS) flaw in Perch CMS version 3.2. An attacker with administrative privileges can inject malicious JavaScript into the “Help button url” in the admin panel; the payload is stored and executes when any authenticated user clicks the Help button. Imp...

6.1CVSS5.3AI score0.00187EPSS
cve
cve
added 2025/12/15 8:28 p.m.17 views

CVE-2023-53890

CVE-2023-53890 is associated with Perch CMS 3.2 and involves a stored cross-site scripting vulnerability where authenticated users can upload SVG files containing embedded JavaScript. The underlying issue is that crafted SVGs with script tags can execute when viewed, enabling client-side attacks ...

5.4CVSS5.7AI score0.00201EPSS
cve
cve
added 2025/12/15 8:28 p.m.12 views

CVE-2023-53889

Perch CMS 3.2 is affected by a remote code execution through an unrestricted file upload in the assets management interface. Authenticated administrators can upload arbitrary PHP files (e.g., a .phar with embedded system command execution) to run commands on the server. Root cause: improper valid...

8.6CVSS8.4AI score0.00808EPSS