Vulnerabilities > Churchcrm > Churchcrm > 2.7.0
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-11 | CVE-2020-28849 | Cross-site Scripting vulnerability in Churchcrm | Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1 allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. | 5.4 |
2023-02-09 | CVE-2023-24684 | SQL Injection vulnerability in Churchcrm | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | 7.2 |
2023-02-09 | CVE-2023-24685 | SQL Injection vulnerability in Churchcrm | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | 7.2 |
2023-02-09 | CVE-2023-24686 | Cross-site Scripting vulnerability in Churchcrm | An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | 4.8 |
2023-02-09 | CVE-2023-24690 | Cross-site Scripting vulnerability in Churchcrm | ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | 5.4 |