CVE-2023-38766
Published
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.
ChurchCRM - A free and open-source Church Management Software (ChMS) to help churches manage their membership data, groups, events, and finances.
GitHubGitHub