CNNVD-202512-3169 Information
Dec 17, 2025
cve
CNNVD ID
CNNVD-202512-3169
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.4之前版本存在跨站脚本漏洞,该漏洞源于GroupEditor.php页面存储用户输入时清理和转义不足,可能导致存储型跨站脚本攻击。
Description (English)
ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. A pre-CurchCRM 6.5.4 version has a cross-site script loophole, which stems from inadequate cleaning and conversion of user input while storing the GroupEditor.php page, which may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
ChurchCRM
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-gfxf-w4cg-c54j https://access.redhat.com/security/cve/cve-2025-68399
Patch
https://github.com/ChurchCRM/CRM/releases
Share on: