
7 matches found

CNVD
added 2025/12/25 12:00 a.m., 2 views

ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0536090)

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...

CVSS 9.3, AI score 5.8, EPSS 0.00165
Exploits: 2, References: 1
RedhatCVE
added 2025/12/18 9:34 p.m., 4 views

CVE-2025-67876

ChurchCRM is an open-source church management system. A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

CVSS 9.3, AI score 5.6, EPSS 0.00165
Exploits: 2, References: 1
EUVD
added 2025/12/17 9:40 p.m., 2 views

EUVD-2025-203986

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a stored cross-site scripting (XSS) vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to...

CVSS 5.1, AI score 4.9, EPSS 0.00162
Exploits: 1, References: 1
CVE
added 2025/12/17 9:18 p.m., 12 views

CVE-2025-67876

ChurchCRM suffers from a stored XSS in group role names for versions 6.4.0 and earlier. A low-privilege user with the Manage Groups permission can inject JavaScript that is saved in the database and executed when pages render group roles (e.g., GroupView.php, PersonView.php), enabling full session hij...

CVSS 9.3, AI score 5.2, EPSS 0.00165
Exploits: 2, References: 1, Affected Software: 1
EUVD
added 2025/12/17 9:18 p.m., 4 views

EUVD-2025-203993

ChurchCRM is an open-source church management system. A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

CVSS 9.3, AI score 5.1, EPSS 0.00165
Exploits: 2, References: 1
Positive Technologies
added 2025/12/17 12:00 a.m., 3 views

PT-2025-51922

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 6.4.0 and prior. Description: ChurchCRM is an open-source church management system affected by a stored cross-site scripting (XSS) issue. A user with the “Manage Groups” permission can inject persistent JavaScript into group rol...

CVSS 9.3, AI score 5.5, EPSS 0.00165
Exploits: 2, References: 6
Prion
added 2021/06/10 4:15 p.m., 20 views

Authentication flaw

In LabCup before v2next18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email...

CVSS 3.5, AI score 4.6, EPSS 0.00684
Exploits: 0, References: 2, Affected Software: 1