2026-04-07 17:57:30
GitHub_M
PUBLISHED
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browsers DOM. Although the application ultimately returns an HTTP 500 error due to the malformed API request caused by the payload, the browsers JavaScript engine parses and executes the injected