| Title | ChurchCRM 5.15.0 Cross Site Scripting |
|---|---|
| Description | Vendor was contacted via GitHub advisory on March 12th but has not responded in any way. The advisory reports a stored Cross-Site Scripting (XSS) vulnerability in ChurchCRM v5.16.0, specifically in the Group Editor. Authenticated users with permission to create groups can inject malicious JavaScript into the Group Name field. This payload is later executed when viewing pages like "View Active People", enabling potential attacks such as session hijacking or defacement. The issue stems from improper output encoding of user-supplied input. |
| Source | ⚠️ https://everydaysparkling.com/p/b4afe675-b7fb-4cf8-be90-e443ffddc0b6/ |
| User | Jelle Janssens (UID 81048) |
| Submission | 2025. 04. 10. PM 03:29 (1 year ago) |
| Moderation | 2025. 04. 26. AM 08:45 (16 days later) |
| Status | Duplicate |
| VulDB Entry | 223276 [ChurchCRM 4.5.3 Edit Group cross site scripting] |
| Points | 0 |