CVE-2023-53890
Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
Perch · Perch