Churchcrm

Churchcrm

115 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-35578

  • EPSS 0.04%
  • Veröffentlicht 07.04.2026 15:53:05
  • Zuletzt bearbeitet 13.04.2026 17:16:28

Rejected reason: This CVE is a duplicate of another CVE.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39940. Reason: This candidate is a reservation duplicate of CVE-2026-39940. Notes: All CVE users should reference CVE-2026...

8.8

CVE-2026-35567

  • EPSS 0.05%
  • Veröffentlicht 07.04.2026 15:49:55
  • Zuletzt bearbeitet 09.04.2026 17:16:26

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a duplicate of CVE-2026-39327. Notes: All CVE users should reference CVE-2026-39327 instead of this candidate. All references and de...

8.8

CVE-2026-35566

  • EPSS -
  • Veröffentlicht 07.04.2026 15:48:33
  • Zuletzt bearbeitet 07.04.2026 19:16:44

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason: This candidate is a duplicate of CVE-2026-39319. Notes: All CVE users should reference CVE-2026-39319 instead of this candidate. All references and de...

7.6

CVE-2026-35534

  • EPSS 0.03%
  • Veröffentlicht 07.04.2026 15:47:44
  • Zuletzt bearbeitet 10.04.2026 21:22:50

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText() as an output sanitizer for HTML attribute context. The function only str...

6.4

CVE-2026-32880

Exploit
  • EPSS 0.04%
  • Veröffentlicht 20.03.2026 01:04:08
  • Zuletzt bearbeitet 23.03.2026 15:29:56

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unesca...

5.4

CVE-2026-26059

Exploit
  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:45:53
  • Zuletzt bearbeitet 20.02.2026 19:07:03

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. V...

5.4

CVE-2026-24855

Exploit
  • EPSS 0.04%
  • Veröffentlicht 30.01.2026 15:08:31
  • Zuletzt bearbeitet 17.02.2026 14:32:44

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description fiel...

8.8

CVE-2026-24854

Exploit
  • EPSS 0.04%
  • Veröffentlicht 30.01.2026 15:05:12
  • Zuletzt bearbeitet 17.02.2026 14:33:24

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL i...

4.8

CVE-2025-68275

Exploit
  • EPSS 0.05%
  • Veröffentlicht 17.12.2025 21:53:22
  • Zuletzt bearbeitet 18.12.2025 18:27:40

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a stored cross-site scripting vulnerability on the pages `View Active People`, `View Inactive people`, and `View All People`. Version 6.5.3 fixes the issue.

4.8

CVE-2025-68401

Exploit
  • EPSS 0.05%
  • Veröffentlicht 17.12.2025 21:48:29
  • Zuletzt bearbeitet 18.12.2025 16:44:00

ChurchCRM is an open-source church management system. Prior to version 6.0.0, the application stores user-supplied HTML/JS without sufficient sanitization/encoding. When other users later view this content, attacker-controlled JavaScript executes in ...