CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

NVD•added 2026/04/07 6:16 p.m.•2 views

CVE-2026-39336

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Directory Reports form fields set from config, Person editor defaults rendered into address fields, and external self-registration form defaults. This is primarily an admin-to-adm...

6.1CVSS0.00035EPSS

Exploits0References1

CVE•added 2026/04/07 5:40 p.m.•3 views

CVE-2026-39336

ChurchCRM prior to 7.1.0 is affected by a stored XSS in HTML attributes driven by unescaped config values, impacting Directory Reports fields, Person editor defaults, and external self-registration defaults. Root cause is abuse of writable configuration fields in an admin-to-admin path. The issue...

6.1CVSS5.8AI score0.00035EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/07 5:40 p.m.•0 views

CVE-2026-39336 ChurchCRM has Stored XSS from unescaped config values in HTML attributes

6.1CVSS5.8AI score0.00035EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 5:40 p.m.•1 views

CVE-2026-39336

6.1CVSS5.8AI score0.00035EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/07 5:40 p.m.•7 views

EUVD-2026-19833

6.1CVSS5.8AI score0.00035EPSS

Exploits0References1

CNNVD•added 2026/04/07 12:0 a.m.•2 views

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripting in directory report forms, personnel editor default addresses, and external...

6.1CVSS5.7AI score0.00035EPSS

Exploits0References1

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-30959

6.1CVSS5.8AI score0.00035EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by