Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2023-25347

Disclosure Date: April 25, 2023 (last updated February 24, 2025)
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0