12 Total Results
Displaying 1-10 of 12
Attacker Value
Unknown
CVE-2023-33661
Disclosure Date: June 29, 2023 (last updated October 08, 2023)
Multiple cross-site scripting (XSS) vulnerabilities were discovered in ChurchCRM v4.5.3 in GroupReports.php via the GroupRole, ReportModel, and OnlyCart parameters.
Attacker Value
Unknown
CVE-2023-31548
Disclosure Date: May 31, 2023 (last updated October 08, 2023)
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Attacker Value
Unknown
CVE-2023-26842
Disclosure Date: May 31, 2023 (last updated October 08, 2023)
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via OptionManager.php.
Attacker Value
Unknown
CVE-2023-26843
Disclosure Date: April 25, 2023 (last updated October 08, 2023)
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via NoteEditor.php.
Attacker Value
Unknown
CVE-2023-26841
Disclosure Date: April 25, 2023 (last updated October 08, 2023)
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.
Attacker Value
Unknown
CVE-2023-26840
Disclosure Date: April 25, 2023 (last updated October 08, 2023)
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator.
Attacker Value
Unknown
CVE-2023-26839
Disclosure Date: April 25, 2023 (last updated October 08, 2023)
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site.
Attacker Value
Unknown
CVE-2023-25348
Disclosure Date: April 25, 2023 (last updated October 08, 2023)
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file.
Attacker Value
Unknown
CVE-2023-25347
Disclosure Date: April 25, 2023 (last updated October 08, 2023)
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the "Title" input field in EventEditor.php.
Attacker Value
Unknown
CVE-2023-25346
Disclosure Date: April 25, 2023 (last updated October 08, 2023)
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.