Vulnerabilities > Churchcrm > Churchcrm > 2.10.4

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-08-11 | CVE-2020-28849 | Cross-site Scripting vulnerability in Churchcrm | Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1 allows remote attackers to execute arbitrary code and gain sensitive information via a crafted payload in the Add New Deposit field in the View All Deposit module. | network | low complexity | churchcrm | CWE-79 | 5.4 |
| 2023-02-09 | CVE-2023-24684 | SQL Injection vulnerability in Churchcrm | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | network | low complexity | churchcrm | CWE-89 | 7.2 |
| 2023-02-09 | CVE-2023-24685 | SQL Injection vulnerability in Churchcrm | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | network | low complexity | churchcrm | CWE-89 | 7.2 |
| 2023-02-09 | CVE-2023-24686 | Cross-site Scripting vulnerability in Churchcrm | An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | network | low complexity | churchcrm | CWE-79 | 4.8 |
| 2023-02-09 | CVE-2023-24690 | Cross-site Scripting vulnerability in Churchcrm | ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | network | low complexity | churchcrm | CWE-79 | 5.4 |