Toekhaing

**Name of the Vulnerable Software and Affected Versions** Church CRM version 5.8.0 **Description** A stored cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Family Name` parameter under the Register a New Family page. **Recommendations** For Church CRM version 5.8.0, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Register a New Family page or validating and sanitizing user input for the `Family Name` parameter to minimize the risk of exploitation.