vendor:
Perch
by:
Mirabbas Agalarov
7.5
CVSS
HIGH
Stored XSS
79
CWE
Product Name: Perch
Affected Version From: v3.2
Affected Version To: v3.2
Patch Exists: NO
Related CWE:
CPE: a:perch_cms:perch:3.2
Platforms Tested: Linux
2023
Perch v3.2 – Stored XSS
The Perch CMS version 3.2 is vulnerable to a stored XSS attack. By uploading a specially crafted SVG file, an attacker can execute arbitrary JavaScript code in the context of the victim's browser.
Mitigation:
Update to a patched version of Perch CMS.
