XSS in Churchcrm Crm
CVE-2026-58411
ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting (XSS) vulnerabilities were identified due to insufficient output encoding of user-controlled request parameter names and parameter values. T…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Churchcrm Crm — versions < 7.4.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)