CVE-2023-25347

Published
View on NVD ↗
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.

ChurchCRM/CRM
ChurchCRM/CRM
ChurchCRM - A free and open-source Church Management Software (ChMS) to help churches manage their membership data, groups, events, and finances.
GitHubGitHub
890
10splayaSec/CVE-Disclosures
10splayaSec/CVE-Disclosures
GitHubGitHub
9