exploitDog

CVE-2023-24690

Опубликовано: 09 фев. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.

Ссылки

http://churchcrm.io/
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory
http://churchcrm.io/
Product
https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*

Версия до 4.5.3 (включая)

EPSS

Процентиль: 41%

0.00194

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-cxm9-p3px-pf2v

CVSS3: 5.4

github

почти 3 года назад

ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.

EPSS

Процентиль: 41%

0.00194

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79