CVE-2026-35574

creationtimestamp| type| source ---|---|--- 2026-04-07 19:33:43+00:00| seen| Telegram/7stdzVfIjMVb7tvEQLoql-CFRLg5JIYu0eUqsXCfmQ30DI4 2026-04-07 19:33:54+00:00| seen| Telegram/2sVgvXJxKnqdd0t3ix7z2PFFoP4qMIqNMJ7HHwXtd94aJL4 2026-04-17 05:07:08+00:00| seen|...

CVE-2026-35574

ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...