5 matches found
CVE-2023-26842
A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...
CVE-2023-26842
A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...
CVE-2023-26842
CVE-2023-26842 is a stored XSS vulnerability affecting ChurchCRM 4.5.3 . Exploitation occurs via the OptionManager.php path, allowing an attacker to inject arbitrary web script/HTML. Root cause is an XSS in input handling (CWE-79), with CVSS v3.1 metrics indicating network access, low attack comp...
PT-2023-20818 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: A stored Cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. Recommendations: For ChurchCRM version 4.5.3, update to a version that fixe...
CVE-2023-26842
A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...