Vulnerabilities

CVE-2025-66686 - Perch CMS Stored XSS Vulnerability - Full Analysis

2026-01-07 0 views admin
CVE-2025-66686 - Perch CMS Stored XSS Vulnerability - Full Analysis

CVE ID : CVE-2025-66686 Published : Jan. 7, 2026, 5:16 p.m. | 1 hour, 9 minutes ago Description : A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any authenticated user clicks the Help button, potentially leading to session hijacking, information disclosure, privilege escalation, and unauthorized administrative actions. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Published
Jan. 7, 2026
Impact: XSS

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-66686

More from Vulnerabilities

CVE-2025-13753 - WP Table Builder <= 2.0.19 - incorrect authorization to authenticated (subscribe

CVE-2025-13753 - WP Table Builder <= 2.0.19 - incorrect authorization to authenticated (subscribe

2026-01-09 0
CVE-2025-13628 - Tutor LMS – eLearning and online course solution <= 3.9.3 - missing authorizatio

CVE-2025-13628 - Tutor LMS – eLearning and online course solution <= 3.9.3 - missing authorizatio

2026-01-09 0
CVE-2025-69194 - Wget2: arbitrary file write via metalink path traversal in gnu wget2 - 2025 Update

CVE-2025-69194 - Wget2: arbitrary file write via metalink path traversal in gnu wget2 - 2025 Update

2026-01-09 0
CVE-2025-14937 - Frontend Admin by DynamiApps <= 3.28.23 - unauthenticated stored cross-site scri

CVE-2025-14937 - Frontend Admin by DynamiApps <= 3.28.23 - unauthenticated stored cross-site scri

2026-01-09 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views