Lucene search

PRIOn knowledge basePRION:CVE-2022-36137

HistoryNov 29, 2022 - 4:15 a.m.

Cross site scripting

2022-11-2904:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

churchcrm

version 4.4.5

xss vulnerabilities

location input

sheader

nvd

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.5%

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.

CPENameOperatorVersion
churchcrmeq4.4.5

CPE	Name	Operator	Version
	churchcrm	eq	4.4.5

References

github.com/ChurchCRM/CRM/releases/tag/4.4.5

grimthereaperteam.medium.com/churchcrm-version-4-4-5-stored-xss-vulnerability-at-sheader-2ed4184030f7