Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
churchcrm vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-25346
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote malicious users to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.
Churchcrm Churchcrm 4.5.3
5.4
CVSSv3
CVE-2023-25347
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote malicious users to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.
Churchcrm Churchcrm 4.5.3
7.8
CVSSv3
CVE-2023-25348
ChurchCRM 4.5.3 exists to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow malicious users to execute arbitrary code via a crafted excel file.
Churchcrm Churchcrm 4.5.3
5.4
CVSSv3
CVE-2023-27059
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.
Churchcrm Churchcrm 4.5.3
8.8
CVSSv3
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote malicious users to execute arbitrary code via crafted CSV file.
Churchcrm Churchcrm 4.2.0
5.4
CVSSv3
CVE-2023-31548
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Churchcrm Churchcrm 4.5.3
4.8
CVSSv3
CVE-2022-36136
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow malicious users to store XSS via location input Deposit Comment.
Churchcrm Churchcrm 4.4.5
4.8
CVSSv3
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow malicious users to store XSS via location input sHeader.
Churchcrm Churchcrm 4.4.5
7.5
CVSSv3
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
Churchcrm Churchcrm 5.0.0
6.1
CVSSv3
CVE-2023-38761
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote malicious user to execute arbitrary code via a crafted payload to the systemSettings.php component.
Churchcrm Churchcrm 5.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »