Lucene search
K

9 matches found

CNVD
CNVD
added 2023/08/15 12:0 a.m.13 views

ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2023-64218)

ChurchCRM is an open source CRM system for churches. A cross-site scripting vulnerability exists in ChurchCRM version 4.2.1, which stems from the lack of effective filtering and escaping of user-supplied data in the Add New Deposit field of the View All Deposit module, and can be exploited by an...

5.4CVSS6.3AI score0.00411EPSS
Exploits1References1
OSV
OSV
added 2023/08/11 2:15 p.m.19 views

CVE-2020-28849

Cross Site Scripting XSS vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module...

5.4CVSS6.6AI score
Exploits0References1
NVD
NVD
added 2023/08/11 2:15 p.m.26 views

CVE-2020-28849

Cross Site Scripting XSS vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module...

5.4CVSS5.6AI score0.00411EPSS
Exploits1References1
Prion
Prion
added 2023/08/11 2:15 p.m.17 views

Cross site scripting

Cross Site Scripting XSS vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module...

4.9CVSS5.8AI score0.00411EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/08/11 12:0 a.m.42 views

CVE-2020-28849

ChurchCRM 4.2.1 is affected by a Cross-Site Scripting (XSS) vulnerability in the Add New Deposit field of the View All Deposit module. The flaw arises from insufficient input filtering/escaping of user-supplied data, enabling remote attackers to inject arbitrary script or HTML. Multiple connected...

5.4CVSS5.6AI score0.00411EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.2 views

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source CRM system for churches. A cross-site scripting vulnerability exists in ChurchCRM version 4.2.1, which stems from the lack of effective filtering and escaping of user-supplied data in the Add New Deposit field of the View All Deposit module, and can be exploited by an...

5.4CVSS6.2AI score0.00411EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/08/11 12:0 a.m.25 views

CVE-2020-28849

Cross Site Scripting XSS vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module...

5.6AI score0.00411EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/08/11 12:0 a.m.15 views

CVE-2020-28849

Cross Site Scripting XSS vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module...

6.4AI score0.00411EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/11 12:0 a.m.8 views

PT-2023-11772 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.2.1 Description: The issue allows remote attackers to execute arbitrary code and gain sensitive information via a crafted payload in the Add New Deposit field in the View All Deposit module. This is a Cross Site Scripting...

5.4CVSS5.6AI score0.00411EPSS
Exploits1References7
Rows per page
Query Builder