Vulnerability Details CVE-2022-36136
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.7%
CVSS Severity
CVSS v3 Score 4.8
References
- https://github.com/ChurchCRM/CRM/releases/tag/4.4.5
- https://grimthereaperteam.medium.com/churchcrm-version-4-4-5-stored-xss-vulnerability-at-deposit-commend-839d2c587d6e
- https://github.com/ChurchCRM/CRM/releases/tag/4.4.5
- https://grimthereaperteam.medium.com/churchcrm-version-4-4-5-stored-xss-vulnerability-at-deposit-commend-839d2c587d6e