PT-2024-21191 · Churchcrm · Churchcrm

Georgios Bitounis · Published 2024-02-21 · Updated 2025-03-28 · CVE-2024-25898

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.5.0
Description: An XSS issue was found in the event-editing functionality, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. Because the stored value is later rendered to other users, this allows the potential execution of malicious code in their browsers.
Recommendations: For ChurchCRM version 5.5.0, consider disabling the editing of events or restricting access to the EventEditor.php file until a patch is available. Avoid inserting untrusted input into the Event Sermon field to minimize the risk of exploitation.
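The root cause the description points at is a stored field rendered into HTML without output encoding. The snippet below is an added illustration, not ChurchCRM's code: a minimal, hypothetical event renderer showing the unsafe pattern beside the hardened one. The `$event` record and the function names are constructed for this example.

```php
<?php
// Added illustration, not ChurchCRM code: the unsafe pattern (raw interpolation
// of a stored field into HTML) next to the hardened pattern (output encoding for
// the HTML body context).

// Constructed sample record standing in for a stored event row. The "sermon"
// value carries markup of the kind the advisory says can be saved in the field.
$event = [
    'title'  => 'Sunday Service',
    'sermon' => 'On Grace <script>alert("sermon")</script>',
];

// Unsafe: the stored value is concatenated straight into the HTML body, so any
// markup it contains becomes live DOM in every viewer's browser.
function renderSermonUnsafe(array $event): string
{
    return '<p class="sermon">' . $event['sermon'] . '</p>';
}

// Encode for the HTML body context. ENT_QUOTES also encodes single quotes, which
// matters if the same helper is reused inside an attribute value; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: every untrusted field goes through e() at the point of output, so
// stored markup is shown as text rather than executed.
function renderSermonSafe(array $event): string
{
    return '<p class="sermon">' . e($event['sermon']) . '</p>';
}

echo renderSermonUnsafe($event), PHP_EOL;
echo renderSermonSafe($event), PHP_EOL;
```

Encoding at output is the right fix when the field is meant to hold plain text. If the Sermon field must carry rich text, escaping is not enough and the value needs an allow-list HTML sanitizer; note that `strip_tags()` with an allow-list is not a substitute, because it leaves event-handler attributes on the allowed tags. A restrictive Content-Security-Policy header on the page is a useful defence-in-depth layer but does not remove the need to encode.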

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2024-25898

Affected Products

Churchcrm