
10 matches found

EUVD
added 2026/04/13 4:34 p.m. | 1 view

EUVD-2026-22011

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
Vulnrichment
added 2026/04/13 4:34 p.m. | 0 views

CVE-2026-39940 ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
Cvelist
added 2026/04/13 4:34 p.m. | 16 views

CVE-2026-39940 ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For...

CVSS 5.3 | EPSS 0.00016
Exploits 0 | References 2
CVE
added 2026/04/13 4:34 p.m. | 3 views

CVE-2026-39940

ChurchCRM prior to 7.0.0 exposes an open redirect via the linkBack URL parameter in DonatedItemEditor.php, allowing an authenticated user to be redirected to an attacker‑controlled URL when clicking Cancel. This affects versions before 7.0.0; the issue is fixed in 7.0.0. The CVSS metrics indicate...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32399

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 3
NVD
added 2026/04/07 5:16 p.m. | 0 views

CVE-2026-35578

Rejected reason: This CVE is a duplicate of another CVE. REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39940. Reason: This candidate is a reservation duplicate of CVE-2026-39940. Notes: All CVE users should reference CVE-2026-39940 instead of this candidate. All references and...

EPSS 0.00043
Exploits 0
CVE
added 2026/04/07 3:53 p.m. | 3 views

CVE-2026-35578

CVE-2026-35578 affects ChurchCRM prior to version 7.0.0, where an Open Redirect can be triggered via the linkBack URL parameter in DonatedItemEditor.php. The vulnerability allows an authenticated user to be redirected to an attacker-specified URL when interacting with certain Cancel flows. The is...

AI score 5.9 | EPSS 0.00043
Exploits 0
Vulnrichment
added 2026/04/07 3:53 p.m. | 0 views

CVE-2026-35578

...

AI score 5.8 | EPSS 0.00043
Exploits 0
Cvelist
added 2026/04/07 3:53 p.m. | 12 views

CVE-2026-35578

...

EPSS 0.00043
Exploits 0
ATTACKERKB
added 2026/04/07 3:53 p.m. | 1 view

CVE-2026-35578

This CVE is a duplicate of another CVE. REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39940. Reason: This candidate is a reservation duplicate of CVE-2026-39940. Notes: All CVE users should reference CVE-2026-39940 instead of this candidate. All references and descriptions in this...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 2