Janssensjelle

#14925 of 53,633
18 Total CVSS
Vulnerabilities · 2 (High: 1, Critical: 1)

PT-2026-30965 · CVSS 8.8 · 2026-04-07
ChurchCRM · ChurchCRM · CVE-2026-39342

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 7.1.0

**Description** ChurchCRM, an open-source church management system, has an issue where the `searchwhat` parameter in `QueryView.php` with `QueryID=15` is susceptible to SQL injection. An authenticated user needs access to `Data/Reports > Query Menu` and the `Advanced Search` query to exploit this.

**Recommendations** Update to version 7.1.0 or later.

PT-2025-51940 · CVSS 9.2 · 2025-12-17
ChurchCRM · ChurchCRM · CVE-2025-68275

**Name of the Vulnerable Software and Affected Versions** ChurchCRM versions prior to 6.5.3

**Description** ChurchCRM, an open-source church management system, contains a stored cross-site scripting issue. This affects the `View Active People`, `View Inactive people`, and `View All People` pages. Privileged users can inject malicious scripts into people listing pages. These scripts execute when other administrators view the pages.

**Recommendations** Update to version 6.5.3 or later.