exploitDog

CVE-2023-53890

Опубликовано: 15 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks.

Ссылки

https://grabaperch.com/
Product
https://www.exploit-db.com/exploits/51621
Exploit
https://www.vulncheck.com/advisories/perch-cms-stored-cross-site-scripting-via-svg-file-upload
Third Party Advisory
https://www.exploit-db.com/exploits/51621
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:grabaperch:perch:3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-j5m3-4q76-pf42

CVSS3: 5.4

github

около 2 месяцев назад

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks.

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79