Lucene search

PRIOn knowledge basePRION:CVE-2023-38766

HistoryAug 08, 2023 - 4:15 p.m.

Cross site scripting

2023-08-0816:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

churchcrm v5.0.0

remote attack

arbitrary code execution

personview.php

nvd

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.

CPENameOperatorVersion
churchcrmeq5.0.0

CPE	Name	Operator	Version
	churchcrm	eq	5.0.0

References

churchcrm.io/

demo.churchcrm.io/master

github.com/0x72303074/CVE-Disclosures

github.com/ChurchCRM/CRM/wiki