CVE-2024-25898 Information

Description

A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality edit your event where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.

Reference

https://github.com/ChurchCRM/CRM/issues/6851