Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.
References
Link | Resource |
---|---|
https://github.com/ChurchCRM/CRM/issues/5477 | Exploit Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-08-11T00:00:00
Updated: 2023-08-11T00:00:00
Reserved: 2020-11-16T00:00:00
Link: CVE-2020-28849
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-11T14:15:11.237
Modified: 2023-08-17T01:55:09.730
Link: CVE-2020-28849
JSON object: View
Redhat Information
No data.
CWE