Dynruwo

**Name of the Vulnerable Software and Affected Versions** Church CRM version 4.5.3 **Description** Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM. The issue affects the GroupReports.php file via the `GroupRole`, `ReportModel`, and `OnlyCart` parameters. **Recommendations** For Church CRM version 4.5.3, consider disabling access to the GroupReports.php file until a patch is available. Restrict the use of the `GroupRole`, `ReportModel`, and `OnlyCart` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.