9 matches found

NVD
added 2026/04/09 4:16 p.m. · 5 views

CVE-2026-39941

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

6.1 CVSS · 0.00263 EPSS
Exploits 1 · References 3
CVE
added 2026/04/09 3:38 p.m. · 7 views

CVE-2026-39941

ChurchCRM (open-source church management system) has a stored XSS vulnerability up to version 7.0.x, where attacker-supplied input in EditEventAttendees.php (EName and EDesc) is rendered without proper output encoding, allowing arbitrary JavaScript execution in victims’ browsers. The issue is fix...

6.1 CVSS · 6.1 AI score · 0.00263 EPSS
Exploits 1 · References 3 · Affected Software 1
EUVD
added 2026/04/09 3:38 p.m. · 3 views

EUVD-2026-20948

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

5.3 CVSS · 6.1 AI score · 0.00263 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2026/04/09 3:38 p.m. · 4 views

CVE-2026-39941

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

5.3 CVSS · 6.1 AI score · 0.00263 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2026/04/09 3:38 p.m. · 22 views

CVE-2026-39941 ChurchCRM has an XSS vulnerability

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

5.3 CVSS · 0.00263 EPSS
Exploits 1 · References 3
Cvelist
added 2025/12/17 9:38 p.m. · 13 views

CVE-2025-68112 ChurchCRM has SQL injection in EditEventAttendees.php

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

9.6 CVSS · 0.00371 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/12/17 9:38 p.m. · 2 views

CVE-2025-68112 ChurchCRM has SQL injection in EditEventAttendees.php

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

9.6 CVSS · 7.7 AI score · 0.00371 EPSS
Exploits 1 · References 1
CVE
added 2025/12/17 9:38 p.m. · 16 views

CVE-2025-68112

ChurchCRM (open-source church management system) has a SQL injection vulnerability in the Event Attendee Editor (and Event Participant Editor) affecting versions prior to 6.5.3. The issue allows authenticated users to submit arbitrary SQL, enabling complete database compromise, extraction of sens...

9.6 CVSS · 7.7 AI score · 0.00371 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2025/02/19 12:00 a.m. · 4 views

PT-2025-7493 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior Description: A boolean-based blind SQL Injection vulnerability exists in the EditEventAttendees functionality, allowing an attacker to execute arbitrary SQL queries. The EID parameter is directly concatenat...

9.3 CVSS · 10 AI score · 0.00583 EPSS
Exploits 1 · References 10