PT-2023-19742 · Churchcrm · Churchcrm

Blakduk · Published 2023-02-09 · Updated 2025-03-24 · CVE-2023-24690

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

ChurchCRM versions 4.5.3 and below

Description

A stored cross-site scripting (XSS) issue was found in the /api/public/register/family API endpoint. An attacker can submit script content through this endpoint; because the submitted value is stored and later rendered into a page without proper output encoding, the script executes in the browser of whoever views the affected page.

Recommendations

For ChurchCRM versions 4.5.3 and below, update to a release later than 4.5.3, where the issue is resolved. As a temporary workaround, restrict access to the /api/public/register/family API endpoint (for example at the web server or reverse proxy) until the upgrade can be applied. Treat every value submitted through this public endpoint as untrusted: validate it on input and encode it for the HTML context wherever it is later displayed.
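The advisory does not show the affected code, so the following is an added illustration of the pattern behind a stored XSS like this one, not ChurchCRM's own code. The field names (FamilyName, Address), the render functions and the validation rule are hypothetical stand-ins for whatever the real endpoint stores and whatever page later displays it; the registration JSON and the tag inside the name are constructed sample input using a generic XSS canary.

```php
<?php
// Added example, not ChurchCRM code. Field names, render functions and the
// validation rule below are hypothetical stand-ins chosen for illustration.
declare(strict_types=1);

// Constructed sample: a body such as a public, unauthenticated registration
// request might carry. The tag in the name is a generic XSS canary.
$registration = json_decode(
    '{"FamilyName":"Smith<img src=x onerror=alert(1)>","Address":"1 Main St"}',
    true,
    512,
    JSON_THROW_ON_ERROR
);

// Vulnerable pattern: a stored value is concatenated into HTML unencoded, so
// markup supplied by the registrant is interpreted by the viewer's browser.
function renderRowVulnerable(array $family): string
{
    return '<tr><td>' . $family['FamilyName'] . '</td><td>'
         . $family['Address'] . '</td></tr>';
}

// Fix, part 1: encode at the point of output for the HTML text context.
// ENT_QUOTES covers attribute contexts too; ENT_SUBSTITUTE keeps invalid
// UTF-8 from silently producing an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRowSafe(array $family): string
{
    return '<tr><td>' . h($family['FamilyName']) . '</td><td>'
         . h($family['Address']) . '</td></tr>';
}

// Fix, part 2 (defence in depth): reject implausible registration input
// before it is stored, so markup never reaches the database in the first
// place. Output encoding remains the primary control; this only narrows
// what a public endpoint will accept. Returns a list of validation errors.
function validateRegistration(array $in): array
{
    $errors = [];
    foreach (['FamilyName', 'Address'] as $field) {
        $v = $in[$field] ?? '';
        if (!is_string($v) || $v === '' || mb_strlen($v) > 100) {
            $errors[] = "$field: missing or too long";
        } elseif (preg_match('/[<>]/u', $v) === 1) {
            // Angle brackets have no place in a family name or street address.
            $errors[] = "$field: contains forbidden characters";
        }
    }
    return $errors;
}

// Vulnerable render: the canary's markup reaches the viewer's browser intact.
echo renderRowVulnerable($registration), "\n";
// Safe render: the same input is displayed as literal text.
echo renderRowSafe($registration), "\n";
// Input validation: the constructed registration is rejected before storage.
print_r(validateRegistration($registration));
```

Run with `php example.php` and compare the two table rows: the first contains a live `<img>` element, the second shows the entity-encoded text. Note that encoding must match the context the value lands in (HTML body, attribute, JavaScript string, URL); `htmlspecialchars` is correct only for the first two.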

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2023-24690

Affected Products

Churchcrm