XSS in Churchcrm Crm

CVE-2026-58411

ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting (XSS) vulnerabilities were identified due to insufficient output encoding of user-controlled request parameter names and parameter values. T…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References