PT-2026-30948 · Churchcrm · Crm
Published
2026-04-07
·
Updated
2026-04-07
·
CVE-2026-39335
CVSS v3.1
6.1
Medium
| AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N |
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Crm