CVE-2025-66686
- EPSS 0.04%
- Veröffentlicht 07.01.2026 00:00:00
- Zuletzt bearbeitet 21.01.2026 22:07:52
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected p...
CVE-2023-53889
- EPSS 0.41%
- Veröffentlicht 15.12.2025 20:28:23
- Zuletzt bearbeitet 23.01.2026 02:36:27
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command exec...
CVE-2023-53890
- EPSS 0.04%
- Veröffentlicht 15.12.2025 20:28:23
- Zuletzt bearbeitet 23.01.2026 02:36:38
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentiall...
CVE-2017-15948
- EPSS 0.22%
- Veröffentlicht 28.10.2017 00:29:00
- Zuletzt bearbeitet 16.01.2026 19:22:10
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account.