Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 7:41 p.m.7 views

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.4CVSS5.6AI score0.00189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/19 6:45 p.m.6 views

CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.3CVSS5.5AI score0.00189EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/19 6:45 p.m.24 views

CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.3CVSS0.00189EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/09/23 6:47 p.m.6 views

CVE-2025-58674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...

5.9CVSS5.5AI score0.00203EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.8 views

PT-2025-39189

Name of the Vulnerable Software and Affected Versions WordPress versions through 6.8.2 Description A flaw exists in WordPress that could allow retrieval of embedded sensitive data through insertion of sensitive information into sent data. The issue is considered low severity and requires...

7.2CVSS6.3AI score0.70822EPSS
Exploits4References29
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.5 views

WordPress theme Ask me 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress theme Ask me plugin version 6.8.2 previously contained a cross-site scripting...

6.1CVSS5.7AI score0.00757EPSS
Exploits1References2
Rows per page
Query Builder