Cross Site Scripting Vulnerability in ChurchCRM by ChurchCRM
CVE-2020-28849

5.4MEDIUM

Key Information:

Vendor: Churchcrm
Status: Churchcrm
Vendor: CVE Published:; 11 August 2023

What is CVE-2020-28849?

A Cross Site Scripting vulnerability exists in ChurchCRM version 4.2.1, allowing remote attackers to execute arbitrary code and potentially access sensitive information. The vulnerability can be exploited through a specially crafted payload submitted via the 'Add New Deposit' field in the 'View All Deposit' module, posing a significant risk to applications that utilize this version.

References

https://github.com/ChurchCRM/CRM/issues/5477

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2023
Vulnerability Reserved
Nov 16, 2020

Churchcrm

What is CVE-2020-28849?

References

CVSS V3.1

Timeline