Refine your search
2 vulnerabilities found for by Perch
CVE-2023-53890 (GCVE-0-2023-53890)
Vulnerability from cvelistv5
Published
2025-12-15 20:28
Modified
2025-12-15 21:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:37:23.714568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:46:23.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51621"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Perch",
"vendor": "Perch",
"versions": [
{
"status": "affected",
"version": "3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"value": "Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:28:23.578Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51621",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51621"
},
{
"name": "Perch Product Webpage",
"tags": [
"product"
],
"url": "https://grabaperch.com/"
},
{
"name": "VulnCheck Advisory: Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/perch-cms-stored-cross-site-scripting-via-svg-file-upload"
}
],
"title": "Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53890",
"datePublished": "2025-12-15T20:28:23.578Z",
"dateReserved": "2025-12-15T01:02:32.435Z",
"dateUpdated": "2025-12-15T21:46:23.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53889 (GCVE-0-2023-53889)
Vulnerability from cvelistv5
Published
2025-12-15 20:28
Modified
2025-12-15 21:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53889",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:37:32.145451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:46:30.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51620"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Perch",
"vendor": "Perch",
"versions": [
{
"status": "affected",
"version": "3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"value": "Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:28:23.135Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51620",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51620"
},
{
"name": "Perch Product Webpage",
"tags": [
"product"
],
"url": "https://grabaperch.com/"
},
{
"name": "VulnCheck Advisory: Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/perch-cms-remote-code-execution-via-unrestricted-file-upload"
}
],
"title": "Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53889",
"datePublished": "2025-12-15T20:28:23.135Z",
"dateReserved": "2025-12-15T01:02:32.435Z",
"dateUpdated": "2025-12-15T21:46:30.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}