CVE-2020-28848
https://notcve.org/view.php?id=CVE-2020-28848
CSV injection vulnerability in ChurchCRM version 4.2.0 allows remote attackers to execute arbitrary code via a crafted CSV file. • https://github.com/ChurchCRM/CRM/issues/5465 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-28849
https://notcve.org/view.php?id=CVE-2020-28849
Cross-site scripting (XSS) vulnerability in ChurchCRM version 4.2.1 allows remote attackers to execute arbitrary code and gain sensitive information via a crafted payload in the Add New Deposit field in the View All Deposit module. • https://github.com/ChurchCRM/CRM/issues/5477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33661
https://notcve.org/view.php?id=CVE-2023-33661
Multiple cross-site scripting (XSS) vulnerabilities were discovered in ChurchCRM v4.5.3 in GroupReports.php via the GroupRole, ReportModel, and OnlyCart parameters. • https://github.com/ChurchCRM/CRM/issues/6474 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-31548
https://notcve.org/view.php?id=CVE-2023-31548
A stored cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-31548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-26842
https://notcve.org/view.php?id=CVE-2023-26842
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via OptionManager.php. • https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-26842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')