2 matches found
CVE-2026-35574
ChurchCRM (open-source church management software) contains a Stored XSS vulnerability in the Note Editor prior to version 6.5.3. Authenticated users with note-adding permissions can inject JavaScript that runs in other users’ browsers (including admins), leading to potential session hijacking, p...
CVE-2026-35574 ChurchCRM has a Stored XSS in Person Profile - Add a Note
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...