CVE-2020-28849

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
11/08/2023
Last modified:
17/08/2023

Description

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:* 4.2.1 (including)


References to Advisories, Solutions, and Tools