Vulnerabilities > Churchcrm > Churchcrm > 4.5.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-19 | CVE-2025-1024 | Cross-site Scripting vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. | 4.8 |
| 2025-02-19 | CVE-2025-1132 | SQL Injection vulnerability in Churchcrm A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. | 8.8 |
| 2025-02-19 | CVE-2025-1133 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. | 7.2 |
| 2025-02-19 | CVE-2025-1134 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. | 7.2 |
| 2025-02-19 | CVE-2025-1135 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0. | 7.2 |
| 2025-02-18 | CVE-2025-0981 | Cross-site Scripting vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. | 6.1 |
| 2025-02-18 | CVE-2025-1023 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. | 9.8 |
| 2024-07-26 | CVE-2024-39304 | SQL Injection vulnerability in Churchcrm ChurchCRM is an open-source church management system. | 8.8 |
| 2023-06-29 | CVE-2023-33661 | Cross-site Scripting vulnerability in Churchcrm 4.5.3 Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. | 6.1 |
| 2023-05-31 | CVE-2023-26842 | Cross-site Scripting vulnerability in Churchcrm 4.5.3 A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. | 5.4 |