Lucene search
K

4 matches found

Packet Storm
Packet Storm
•added 2026/04/13 12:0 a.m.•119 views

📄 ChurchCRM 6.4.0 Cross Site Scripting

ChurchCRM versions 6.4.0 and below suffer from persistent cross site scripting vulnerability in group role name assignment. CVE-2025-67876: ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking Overview | Field | Details | |---|---| | CVE ID | CVE-2025-67876 | | Severity ...

9.3CVSS5.2AI score0.00165EPSS
Exploits2
Cvelist
Cvelist
•added 2025/12/17 9:18 p.m.•24 views

CVE-2025-67876 ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking

ChurchCRM is an open-source church management system. A stored cross-site scripting XSS vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

9.3CVSS0.00165EPSS
Exploits2References1
OSV
OSV
•added 2025/12/17 9:18 p.m.•4 views

CVE-2025-67876 ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking

ChurchCRM is an open-source church management system. A stored cross-site scripting XSS vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

9.3CVSS5.5AI score0.00165EPSS
Exploits2References3
CNNVD
CNNVD
•added 2025/12/17 12:0 a.m.•9 views

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...

9.3CVSS5.6AI score0.00165EPSS
Exploits2References2
Rows per page
Query Builder