25 matches found
CVE-2023-26839
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site...
CVE-2023-42463
CVE-2023-42463 affects Wazuh; a stack overflow vulnerability could enable local privilege escalation. Public references describe the issue in the Wazuh log collection path, with multiple sources naming an integer/stack-related flaw and patching in version 4.5.3. The ZDI advisory notes that exploi...
CVE-2023-42463 wazuh-logcollector integer underflow local privilege escalation
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3...
Cross site scripting
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SAP Message Server Authorization Issues Vulnerability
SAP Message Server is a message server application from SAP Germany. SAP Message Server is vulnerable to authorization issues; no details of the vulnerability are provided at this time...
CVE-2023-33661
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via the GroupRole, ReportModel, and OnlyCart parameters...
CVE-2023-31548
A stored cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-26841
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site...
CVE-2023-26840
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator...
Design/Logic Flaw
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
CVE-2023-27059
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...
CVE-2023-24686
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file...
CVE-2023-24685
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module...