Perch CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting (XSS) vulnerability has been identified in Perch CMS version 3.2. An authenticated attacker with administrative privileges can store a malicious JavaScript payload in the 'Help button url' setting in the admin panel. The payload executes in the browser of any authenticated user who subsequently clicks the Help button, including lower-privileged users such as Editors and other administrators. This can lead to session hijacking, information disclosure and unauthorized administrative actions performed with the victim's privileges. Because the attacker must already hold an administrator account, this is not privilege escalation in the usual sense; its value to an attacker lies in pivoting from one rogue or compromised administrator account to the sessions of every other user who clicks the button.

Impact

Scripts injected through the setting execute in the browser context, and with the session, of whichever user clicks the Help button. Consequences include session hijacking, actions carried out in the admin panel on the victim's behalf, and disclosure of any content visible to the victim. Since the precondition is an existing administrator account, the vulnerability matters most where admin credentials are shared, where an admin account has been compromised, or where a malicious insider holds admin rights.

Reproduction

To reproduce this vulnerability, log into Perch CMS 3.2 as an admin user. Navigate to the Settings panel and locate the 'Help button url' input field. Enter a JavaScript payload, such as one that triggers an alert, and save the changes. Then log in as a user with lower privileges, such as an Editor, and click the Help button; the injected script executes in that user's browser. After saving, inspecting the rendered markup of the Help button shows where the stored value is placed; that location is the sink the fix must validate or escape.
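The following is an added example, not Perch CMS code, showing the handling a setting like 'Help button url' needs so that a stored value cannot become a click-triggered script. It assumes, as the advisory itself does not spell out, that the setting is rendered into the href of the Help button, so a javascript: URL is the payload that runs on click; it also assumes that only absolute http/https URLs are legitimate for the setting. The fallback URL, the function names and the sample inputs are constructed for illustration. In a PHP application the same validation would be applied server-side at the point where the setting is saved, and the same escaping at the point where it is rendered; the logic is shown here in JavaScript so it can be run directly against the obfuscated payload forms.

```javascript
// Added example, not Perch CMS code. Demonstrates hardened handling of an
// admin-supplied "help URL" setting that is later rendered into an href:
// restrict the scheme, normalize, and escape for the attribute context.
//
// Assumption (not stated in the advisory): the setting lands in an href,
// so a javascript: URL is what executes on click.
// Assumption: only absolute http/https URLs are legitimate for the setting.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
const MAX_URL_LENGTH = 2048;

// Returns the normalized URL string if acceptable, otherwise null.
// The WHATWG URL parser (Node's global URL) strips leading/trailing
// whitespace and embedded tab/newline characters and lowercases the scheme,
// so obfuscated forms such as "JaVaScRiPt:" or "java\tscript:" are still
// recognized and rejected. A regex over the raw string would miss those.
function normalizeHelpUrl(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > MAX_URL_LENGTH) {
    return null;
  }
  let parsed;
  try {
    parsed = new URL(value);
  } catch {
    return null; // relative or unparsable input is rejected (absolute URLs only)
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return null; // javascript:, data:, vbscript:, file:, ... all end here
  }
  return parsed.href; // normalized form; unsafe path/query characters are percent-encoded
}

// Minimal escaping for a double-quoted HTML attribute value.
function escapeAttribute(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Vulnerable pattern: the stored setting is trusted and dropped into href.
// A stored value of javascript:alert(document.cookie) becomes a click-triggered payload.
function renderHelpButtonUnsafe(storedUrl) {
  return `<a href="${storedUrl}" class="help-button">Help</a>`;
}

// Hardened pattern: validate scheme, normalize, escape, and fall back to a
// known-good default (hypothetical URL) when the stored value is rejected.
function renderHelpButtonSafe(storedUrl, fallback = 'https://docs.example.invalid/help') {
  const target = normalizeHelpUrl(storedUrl) ?? fallback;
  return `<a href="${escapeAttribute(target)}" class="help-button">Help</a>`;
}

// Stand-alone demonstration over constructed sample inputs.
if (typeof require !== 'undefined' && require.main === module) {
  const samples = [
    'https://docs.example.invalid/help',
    'javascript:alert(document.cookie)',
    'JaVaScRiPt:alert(1)',
    'java\tscript:alert(1)',
    'data:text/html,<script>alert(1)</script>',
    '/admin/help',
  ];
  for (const s of samples) {
    console.log(JSON.stringify(s), '->', normalizeHelpUrl(s));
  }
  console.log(renderHelpButtonUnsafe('javascript:alert(1)'));
  console.log(renderHelpButtonSafe('javascript:alert(1)'));
}
```

Rejecting non-http(s) schemes at save time is what stops the stored payload; escaping at render time is still required so that a `"` or `<` in an otherwise valid URL cannot break out of the attribute. The two checks address different sinks and neither replaces the other.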

Added: Jan 7, 2026, 5:36 PM
Updated: Jan 7, 2026, 7:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 5.9
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.