CVE-2024-25898
CVE-2024-25898 describes a cross-site scripting vulnerability in ChurchCRM v5.5.0, specifically when editing an event in EventEditor.php where attacker-supplied input in the Event Sermon field can inject malicious JavaScript or HTML. The affected component is ChurchCRM’s EventEditor.php; root cau...