CVE-2025-66686 in Perchinformación

Resumen

por MITRE • 2026-01-07

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any authenticated user clicks the Help button, potentially leading to session hijacking, information disclosure, privilege escalation, and unauthorized administrative actions.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

MITRE

Reservar

2025-12-08

Divulgación

2026-01-07

Moderación

aceptado

Artículo

VDB-339960

CPE

listo

CWE

CWE-79 (confirmado)

CVSS

2.4 (VulDB)

EPSS

0.00068

KEV

Actividades

muy bajo

Sector

Lawfirm, Hostingprovider, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-66686
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-66686
CVE Details	https://www.cvedetails.com/cve/CVE-2025-66686/

◂ Anterior Visión De Conjunto Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!