CVE-2025-68275
ChurchCRM prior to version 6.5.3 contains a stored cross-site scripting vulnerability on the View Active People, View Inactive People, and View All People pages. The root cause is lack of effective filtering and escaping of user-supplied data on these listings, allowing an attacker to inject scri...