Stored Cross-Site Scripting in Church CRM by ChurchCRM
CVE-2024-36647

Currently unrated

Key Information:

Vendor: ChurchCRM

CVE Published: 13 June 2024

What is CVE-2024-36647?

A stored cross-site scripting (XSS) vulnerability exists in Church CRM v5.8.0, which enables attackers to inject malicious scripts through the Family Name parameter in the 'Register a New Family' page. This flaw could allow unauthorized users to execute arbitrary web scripts, potentially compromising user sessions and data integrity. Proper validation and sanitization methods should be applied to user inputs to mitigate this risk.
