CVE-2025-66686 in Perch: Information

Summary

By MITRE • 07/01/2026

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any authenticated user clicks the Help button, potentially leading to session hijacking, information disclosure, privilege escalation, and unauthorized administrative actions.


Responsible

MITRE

Reserved

08/12/2025

Disclosed

07/01/2026

Moderation

accepted

EPSS

0.00068

KEV

no

Activities

very low

Sources
