CVE-2026-24855 | ChurchCRM up to 6.7.1 Create Events Description cross site scripting

Inserito da Angelo Barbosa | Gen 30, 2026 | CVE

A vulnerability was found in ChurchCRM up to 6.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Create Events. Such manipulation of the argument Description leads to cross site scripting.

This vulnerability is listed as CVE-2026-24855. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-24855 | ChurchCRM up to 6.7.1 Create Events Description cross site scripting

Post correlati

CVE-2025-4407 | ABB Lite Panel Pro up to 1.0.1 session expiration

CVE-2024-8427 | Frontend Post Submission Manager Lite Plugin up to 1.2.2 on WordPress Setting authorization

CVE-2025-4282 | SourceCodester/oretnom23 Stock Management System 1.0 Users.php?f=save cross-site request forgery

CVE-2025-26186 | openSIS 9.1 Ajax.php ID sql injection