CVE-2025-68399

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.4

Description ChurchCRM is an open-source church management system. A Stored Cross-Site Scripting (XSS) issue exists within the GroupEditor.php page. A user creating a group role can execute malicious JavaScript, but requires permission to view and modify groups.

Recommendations Update to version 6.5.4 or later.