2 matches found
CVE-2023-25346
A reflected cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found...
CVE-2023-25346
ChurchCRM 4.5.3 is affected by a reflected XSS in the id parameter of /churchcrm/v2/family/not-found. The NVD/Nuclei and related feeds confirm this is a client-side script injection issue that arises from improper handling of user-supplied input and can lead to script execution in users’ browsers...