CVE-2025-68399

Low CVSS: 2.0

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting (XSS) vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to work, the user must have permission to view and modify groups in the application. Version 6.5.4 fixes the issue.

Vendor

Churchcrm

Product

Churchcrm

CWE

CWE-79

Yayın Tarihi

2025-12-17 22:16:02

Güncelleme

2025-12-18 16:47:11

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Churchcrm LOW Churchcrm 2025

Referanslar

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-gfxf-w4cg-c54j https://github.com/ChurchCRM/CRM/security/advisories/GHSA-gfxf-w4cg-c54j

Benzer Kayıtlar

Medium

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type syst…

Low

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated u…

High

CVE-2026-24854

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor…

High

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) v…

Critical

CVE-2025-68400

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint `/Repo…

Medium

CVE-2025-68401

ChurchCRM is an open-source church management system. Prior to version 6.0.0, the application stores user-supplied HTML/…