| 제목 | ChurchCRM <= 5.18.0 Cross-Site Scripting (XSS) |
|---|
| 설명 | Stored XSS vulnerability in ChurchCRM's Note Editor (NoteEditor.php) allows authenticated users to bypass existing XSS filters using a specific encoded payload technique with HTML attribute injection. The malicious JavaScript persists in the database and automatically executes when any user views the affected profile, enabling session hijacking of administrators, privilege escalation, and unauthorized access to sensitive church data. The same filter bypass technique affects multiple endpoints throughout the application, amplifying the attack surface. |
|---|
| 원천 | ⚠️ https://github.com/uartu0/advisories/blob/main/churchcrm-stored-xss-2025.md |
|---|
| 사용자 | uartu0 (UID 90021) |
|---|
| 제출 | 2025. 10. 08. AM 05:17 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 18. PM 02:53 (10 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 227384 [ChurchCRM 4.5.3 NoteEditor.php 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 0 |
|---|