CVE-2024-25898 | ChurchCRM 5.5.0 EventEditor.php Event Sermon cross site scripting

Posted by Angelo Barbosa | Feb 21, 2024 | CVE

A vulnerability classified as problematic was found in ChurchCRM 5.5.0. Affected by this vulnerability is an unknown functionality of the file EventEditor.php. The manipulation of the argument Event Sermon leads to cross site scripting.

This vulnerability is known as CVE-2024-25898. The attack can be launched remotely. There is no exploit available.

CVE-2024-25898 | ChurchCRM 5.5.0 EventEditor.php Event Sermon cross site scripting

Related Posts

CVE-2023-52117 | Metagauss ProfileGrid Plugin up to 5.6.6 on WordPress authorization

CVE-2024-1000 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setTracerouteCfg command stack-based overflow

CVE-2024-42251 | Linux Kernel up to 6.6.41/6.9.10 include/linux/page_ref.h folio_try_get_rcu stack-based overflow (16380f52b721/e7db2762ea3e/fa2690af573d)

CVE-2024-0884 | SourceCodester Online Tours & Travels Management System 1.0 payment.php exec id sql injection