Lucene search
K

8 matches found

NVD
NVD
added 2026/04/13 5:16 p.m.4 views

CVE-2026-39940

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

5.3CVSS0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 4:34 p.m.19 views

CVE-2026-39940 ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

5.3CVSS0.00269EPSS
Exploits0References2
CVE
CVE
added 2026/04/13 4:34 p.m.8 views

CVE-2026-39940

ChurchCRM prior to 7.0.0 exposes an open redirect via the linkBack URL parameter in DonatedItemEditor.php, allowing an authenticated user to be redirected to an attacker‑controlled URL when clicking Cancel. This affects versions before 7.0.0; the issue is fixed in 7.0.0. The CVSS metrics indicate...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 4:34 p.m.3 views

CVE-2026-39940 ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 3:53 p.m.15 views

CVE-2026-35578

CVE-2026-35578 affects ChurchCRM prior to version 7.0.0, where an Open Redirect can be triggered via the linkBack URL parameter in DonatedItemEditor.php. The vulnerability allows an authenticated user to be redirected to an attacker-specified URL when interacting with certain Cancel flows. The is...

5.9AI score0.00043EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/07 3:53 p.m.2 views

CVE-2026-35578

...

5.8AI score0.00043EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30891

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

5.3CVSS5.9AI score0.00043EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/19 12:0 a.m.4 views

PT-2025-7494 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior Description: A boolean-based and time-based blind SQL Injection vulnerability exists in the DonatedItemEditor functionality, allowing an attacker to execute arbitrary SQL queries. The CurrentFundraiser...

9.3CVSS9.9AI score0.00683EPSS
Exploits1References10
Rows per page
Query Builder