4 matches found
CVE-2025-68399
ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting (XSS) vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to...
CVE-2025-68399
ChurchCRM security advisory documents describe a Stored Cross-Site Scripting (XSS) in the GroupEditor.php page occurring in versions prior to 6.5.4. The vulnerability allows an attacker to inject JavaScript when creating a group role, but requires the attacker to have permission to view and modi...
PT-2025-51931
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.4
Description: ChurchCRM is an open-source church management system. A Stored Cross-Site Scripting (XSS) issue exists within the GroupEditor.php page. A user creating a group role can execute malicious JavaScript,...
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source church management system. ChurchCRM has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the GroupEditor.php page, which can be exploited by an attacker to execute arbitrary Web script or HTML by...