CVE-2024-36647

Name of the Vulnerable Software and Affected Versions Church CRM version 5.8.0

Description A stored cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page.

Recommendations For Church CRM version 5.8.0, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Register a New Family page or validating and sanitizing user input for the Family Name parameter to minimize the risk of exploitation.