3 matches found
CVE-2026-39332
CVE-2026-39332 affects ChurchCRM prior to version 7.1.0, where a reflected Cross-Site Scripting (XSS) flaw in GeoPage.php allows an authenticated user to inject arbitrary JavaScript into another authenticated user’s browser. The payload auto-executes via autofocus, requiring no user interaction, ...
CVE-2026-39332 ChurchCRM has Reflected Cross-Site Scripting (XSS) in GeoPage.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerability in GeoPage.php allows any authenticated user to inject arbitrary JavaScript into the browser of another authenticated user. Because the payload fires automatically via autofocu...
EUVD-2026-19827
ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerability in GeoPage.php allows any authenticated user to inject arbitrary JavaScript into the browser of another authenticated user. Because the payload fires automatically via autofocu...