CVE-2023-53890

Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2

Description The application allows authenticated users to upload malicious SVG files containing embedded JavaScript. An attacker can craft SVG files with script tags that execute when the file is viewed, potentially leading to client-side attacks or the theft of user session information. The issue involves a stored cross-site scripting condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.