CNNVD-202512-2626 Information

CNNVD ID

CNNVD-202512-2626

Related CVE

CVE-2023-53890

• CNNVD Published: 2025-12-15

Description (Chinese)

Perch CMS是Perch公司的一个内容管理系统。 Perch CMS 3.2版本存在安全漏洞，该漏洞源于允许经过身份验证的用户上传带有嵌入式JavaScript的恶意SVG文件，可能导致存储型跨站脚本攻击。

Description (English)

Perch CMS is a content management system for Perch. Version 3.2 of Perch CMS has a security loophole, which stems from allowing the uploading of malicious SVG files with embedded JavaScript by an identified user, which may result in a storage-type cross-station script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Perch

Published

2025-12-15

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/51621 https://grabaperch.com/ https://www.vulncheck.com/advisories/perch-cms-stored-cross-site-scripting-via-svg-file-upload https://access.redhat.com/security/cve/cve-2023-53890