CVE-2026-39335
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused.
This vulnerability is fixed in 7.1.1.
MEDIUM · CVSS 6.1
EPSS 0.00045
Schedule remediation
- Public exploit or PoC is available
Sigma rules: 0
YARA rules: 0