4 matches found
CVE-2026-35534
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...
CVE-2026-35534
ChurchCRM prior to version 7.1.0 is vulnerable to a stored cross-site scripting (XSS) in PersonView.php due to improper use of sanitizeText() as an output sanitizer for HTML attribute context. The function strips tags but does not escape quote characters, enabling an attacker with the EditRecords...
EUVD-2026-19718
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...
PT-2026-30887
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...