CVE-2026-39333
ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...
EUVD-2026-19829
ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...
CVE-2026-39333
ChurchCRM before version 7.1.0 contains a reflected XSS in the FindFundRaiser.php endpoint where user-supplied DateStart/DateEnd are echoed into HTML input attributes without proper encoding. An authenticated attacker can craft a URL that, when visited by another authenticated user, executes arbi...
ChurchCRM cross-site scripting vulnerability
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper encoding of the DateStart and DateEnd parameters on the FindFundRaiser.php endpoint, which could lead to...