Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm churchcrm 4.5.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25346
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.
Churchcrm Churchcrm 4.5.3
NA
CVE-2023-25348
ChurchCRM 4.5.3 exists to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow malicious users to execute arbitrary code via a crafted excel file.
Churchcrm Churchcrm 4.5.3
NA
CVE-2023-24685
ChurchCRM v4.5.3 and below exists to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
Churchcrm Churchcrm
NA
CVE-2023-24690
ChurchCRM 4.5.3 and below exists to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
Churchcrm Churchcrm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2