5 matches found
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source CRM system built for churches. ChurchCRM version 4.4.5 has a cross-site scripting vulnerability that can be exploited by attackers to launch an XSS attack by entering JavaScript code via the sHeader field...
Cross site scripting
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...
CVE-2022-36137
CVE-2022-36137 affects ChurchCRM 4.4.5 with stored XSS via the sHeader field (location input). The issue is triggered by untrusted input that can be stored and reflected, enabling an attacker to inject JavaScript. According to the available data, exploitation requires user interaction and elevate...
PT-2022-23219 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.4.5 Description: The issue allows attackers to store XSS via location input sHeader. This enables potential malicious activities. Recommendations: For ChurchCRM version 4.4.5, as a temporary workaround, consider restrictin...
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source CRM system built for churches. ChurchCRM version 4.4.5 has a cross-site scripting vulnerability that can be exploited by attackers to launch an XSS attack by entering JavaScript code via the sHeader field...