CVE-2024-25898
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.
ChurchCRM - A free and open-source Church Management Software (ChMS) to help churches manage their membership data, groups, events, and finances.
GitHub