Galorithm

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 7.0.2 **Description** ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an administrator user to edit JSON type system settings to store a JavaScript payload that can execute when any administrator views the system settings. The JSON input is left unescaped and unsanitized in the `SystemSettings.php` file, leading to cross-site scripting (XSS). **Recommendations** Update to version 7.0.2 or later.