46 Total Results
Displaying 21-30 of 46
Attacker Value
Unknown

CVE-2023-38763

Disclosure Date: August 08, 2023 (last updated October 08, 2023)
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
Attacker Value
Unknown

CVE-2023-38762

Disclosure Date: August 08, 2023 (last updated October 08, 2023)
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
Attacker Value
Unknown

CVE-2023-38761

Disclosure Date: August 08, 2023 (last updated October 08, 2023)
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.
Attacker Value
Unknown

CVE-2023-38760

Disclosure Date: August 08, 2023 (last updated October 08, 2023)
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
Attacker Value
Unknown

CVE-2023-33661

Disclosure Date: June 29, 2023 (last updated October 08, 2023)
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.
Attacker Value
Unknown

CVE-2023-31548

Disclosure Date: May 31, 2023 (last updated October 08, 2023)
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Attacker Value
Unknown

CVE-2023-26842

Disclosure Date: May 31, 2023 (last updated October 08, 2023)
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.
Attacker Value
Unknown

CVE-2023-31699

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
Attacker Value
Unknown

CVE-2023-29842

Disclosure Date: May 04, 2023 (last updated October 27, 2023)
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
Attacker Value
Unknown

CVE-2023-26843

Disclosure Date: April 25, 2023 (last updated October 08, 2023)
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.