Lucene search

MitreCVELIST:CVE-2023-38766

HistoryAug 08, 2023 - 12:00 a.m.

CVE-2023-38766

2023-08-0800:00:00

mitre

www.cve.org

cross site scripting

churchcrm

remote attacker

arbitrary code

crafted payload

personview.php

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.

References

churchcrm.io/

demo.churchcrm.io/master

github.com/0x72303074/CVE-Disclosures

github.com/ChurchCRM/CRM/wiki