ChurchCRM is an open-source CRM system for churches. A cross-site scripting (XSS) vulnerability exists in ChurchCRM v4.5.4. It stems from the application's lack of effective filtering and escaping of user-supplied data. An attacker can exploit it to execute arbitrary web script or HTML by injecting a crafted payload.
CPE | Name | Operator | Version |
---|---|---|---|
churchcrm churchcrm v | eq | 4.5.4 |