CVE-2023-27059
Published on: Not Yet Published
Last Modified on: 03/22/2023 05:35:00 PM UTC
Certain versions of Churchcrm from Churchcrm contain the following vulnerability:
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.
- CVE-2023-27059 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
A cross-site scripting vulnerability (XSS) exists in the edit group function · Issue #6450 · ChurchCRM/CRM · GitHub | github.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Churchcrm | Churchcrm | 4.5.3 | All | All | All |
- cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2023-27059 : A cross-site scripting #XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows… twitter.com/i/web/status/1… | 2023-03-16 22:04:56 |
![]() |
CVE-2023-27059 | 2023-03-16 22:38:45 |