CVE-2023-27059

Name of the Vulnerable Software and Affected Versions ChurchCRM version 4.5.3

Description A cross-site scripting (XSS) issue in the Edit Group function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. This enables attackers to potentially manipulate the web application's behavior.

Recommendations For ChurchCRM version 4.5.3, as a temporary workaround, consider restricting access to the Edit Group function until a patch is available. Avoid using the Edit Group Name text field with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.