2 matches found
CVE-2025-0981
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting XSS vulnerability in the Group Editor page. This allows admin users to inject malicious JavaScript in the description field, which captures the sessi...
CVE-2025-0981
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting XSS vulnerability in the Group Editor page. This allows admin users to inject malicious JavaScript in the description field, which captures the sessi...