ChurchCRM is an open source CRM system for churches. A cross-site scripting vulnerability exists in ChurchCRM v4.5.4. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload.