Vulnerabilities in ChurchCRM

72 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2026-39343 | HIGH | ChurchCRM has a SQL Injection in Event Type Editor (Admin) | 0.3% |
| CVE-2026-39334 | HIGH | ChurchCRM has a Blind SQL injection in SettingsIndividual.php | 0.3% |
| CVE-2025-66397 | HIGH | ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control | 0.3% |
| CVE-2026-39335 | MEDIUM | ChurchCRM has Stored XSS via Unescaped data-* Attributes in Group/Family Controls | 0.3% |
| CVE-2026-39319 | HIGH | ChurchCRM has a Second Order SQLI via FundRaiserEditor.php | 0.2% |
| CVE-2026-39326 | HIGH | ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php | 0.2% |
| CVE-2026-39327 | HIGH | ChurchCRM has a SQL injection in MemberRoleChange.php | 0.2% |
| CVE-2026-39330 | HIGH | ChurchCRM has a Blind SQL injection in PropertyAssign.php | 0.2% |
| CVE-2026-39329 | HIGH | ChurchCRM has a Blind SQL injection in EventNames.php | 0.2% |
| CVE-2026-35575 | HIGH | ChurchCRM has Stored XSS in Group Name | 0.2% |
| CVE-2026-39340 | HIGH | ChurchCRM has a SQL Injection in PropertyTypeEditor.php via Incorrect Sanitizer Substitution | 0.2% |
| CVE-2026-39338 | HIGH | ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration | 0.2% |
| CVE-2026-40483 | MEDIUM | ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field | 0.2% |
| CVE-2026-39333 | HIGH | ChurchCRM has Reflected XSS in DateStart/DateEnd parameters in FindFundRaiser.php | 0.2% |
| CVE-2026-39331 | HIGH | ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | 0.2% |
| CVE-2026-24855 | HIGH | ChurchCRM has Stored Cross-Site Scripting (XSS) in Create Events in Church Calendar, Leading to Account Takeover | 0.2% |
| CVE-2026-44547 | CRITICAL | ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2 | 0.2% |
| CVE-2026-39336 | MEDIUM | ChurchCRM has Stored XSS from unescaped config values in HTML attributes | 0.2% |
| CVE-2025-0981 | HIGH | Session Hijacking via Stored Cross-Site Scripting (XSS) in ChurchCRM GroupEditor.php Description Field | 0.2% |
| CVE-2026-39332 | HIGH | ChurchCRM has Reflected Cross-Site Scripting (XSS) in GeoPage.php | 0.2% |