CVE-2023-53890

MEDIUM

Perch CMS 3.2 - XSS

Title source: llm

Description

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks.

Exploits (1)

exploitdb WORKING POC

by Mirabbas Ağalarov · textwebappsphp

https://www.exploit-db.com/exploits/51621

View Code ZIP pw:eip

References (3)

[Product] https://grabaperch.com/

[Exploit] https://www.exploit-db.com/exploits/51621

[Third Party Advisory] https://www.vulncheck.com/advisories/perch-cms-stored-cross-site-scripting-via-svg-file-upload

Scores

CVSS v3 5.4

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

grabaperch/perch 3.2

Perch/Perch 3.2

Published Dec 15, 2025

Tracked Since Feb 18, 2026