Lucene search
HistoryFeb 09, 2023 - 10:15 p.m.
CVE-2023-24690
churchcrm 4.5.3
stored xss
vulnerability
/api/public/register/family
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.3%
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
Affected configurations
Node
churchcrmchurchcrmRange≤4.5.3
Related
osv
osv
CVE-2023-24690
2023-02-09 22:15:11
cve
cve
CVE-2023-24690
2023-02-09 22:15:11
cvelist
cvelist
CVE-2023-24690
2023-02-09 00:00:00
prion
prion
Cross site scripting
2023-02-09 22:15:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.3%
Related for NVD:CVE-2023-24690