CVE-2023-33661

Name of the Vulnerable Software and Affected Versions Church CRM version 4.5.3

Description Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM. The issue affects the GroupReports.php file via the GroupRole, ReportModel, and OnlyCart parameters.

Recommendations For Church CRM version 4.5.3, consider disabling access to the GroupReports.php file until a patch is available. Restrict the use of the GroupRole, ReportModel, and OnlyCart parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.