CVE-2026-58411 ChurchCRM has Reflected Cross-Site Scripting (XSS) via unsanitized request parameter names and values
ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting XSS vulnerabilities were identified due to insufficient output encoding of user-controlled request parameter names and parameter values. The application reflects attacker-controlled input into...