Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.4 views

CVE-2026-39328

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...

8.9CVSS5.9AI score0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:32 p.m.1 views

CVE-2026-39328

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...

8.9CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/07 5:32 p.m.8 views

CVE-2026-39328

ChurchCRM before 7.1.0 has a stored XSS in the person profile editing feature. Non-admin users with EditSelf can inject JavaScript into Facebook, LinkedIn, and X profile fields; due to a 50-character limit, payloads span all three fields and chain onfocus handlers to execute when a profile is vie...

8.9CVSS5.9AI score0.00203EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/07 5:32 p.m.2 views

EUVD-2026-19823

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...

8.9CVSS5.9AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 5:32 p.m.1 views

CVE-2026-39328 ChurchCRM has Stored XSS in Social Profile Fields

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...

8.9CVSS5.9AI score0.00203EPSS
Exploits0References1
Rows per page
Query Builder