CVE-2023-25346 Scanner
Detects a Cross-Site Scripting (XSS) vulnerability in ChurchCRM affecting v. 4.5.3.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: Domain, IPv4
Toolbox: -
ChurchCRM is a web-based system designed for religious organizations to manage and track their congregations, donations, events, and communications. It is an open-source platform that offers a range of features to improve the functionality and efficiency of church management. With its user-friendly interface and customizable options, ChurchCRM is an ideal solution for small to medium-sized churches.
However, a reflected cross-site scripting (XSS) vulnerability, identified as CVE-2023-25346, was recently detected in version 4.5.3 of ChurchCRM. This vulnerability arises when an attacker injects malicious code or HTML into the "id" parameter of the "/churchcrm/v2/family/not-found" page. It can potentially allow the attacker to hijack user sessions, modify or steal sensitive data, or even gain unauthorized access to other systems connected to ChurchCRM.
If exploited, this vulnerability can lead to severe security breaches, loss of confidential data, and damage to the reputation of religious organizations that use ChurchCRM. Moreover, it can disrupt the smooth functioning of the church and hinder its ability to serve its congregants.
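For asset owners who want to check their own web server logs for requests against the endpoint described above, the following is an added example and not part of the scanner or of ChurchCRM. It assumes combined-format access logs and that a legitimate "id" value never contains HTML metacharacters; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path and parameter named on this page; the URL prefix depends on the install.
TARGET_SUFFIX = "/v2/family/not-found"
PARAM = "id"
# Assumption: a legitimate id never contains HTML metacharacters.
MARKUP = re.compile(r"[<>\"'`]")
# Assumption: Apache/nginx combined log format.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2023:10:00:01 +0000] "GET /churchcrm/v2/family/not-found?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2023:10:02:13 +0000] "GET /churchcrm/v2/family/not-found?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '198.51.100.4 - - [01/Mar/2023:10:05:40 +0000] "GET /churchcrm/v2/family/not-found?id=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290',
    '198.51.100.4 - - [01/Mar/2023:10:06:02 +0000] "GET /churchcrm/v2/dashboard?id=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of URL encoding (double encoding hides markup)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, status, decoded id) for not-found requests whose id carries markup."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").endswith(TARGET_SUFFIX):
            continue  # a different page; out of scope for this check
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)  # parse_qs already removed one layer
            if MARKUP.search(value):
                hits.append((client, status, value))
    return hits

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} id={value!r}")
```

A hit shows that markup was sent to the page, not that it was reflected unescaped; confirm against the deployed ChurchCRM version before treating it as an incident.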
In conclusion, digital assets are a vital part of modern-day church functioning and require regular attention to secure them from potential cyber threats. With the pro features of s4e.io, church administrators and IT staff can stay informed about the latest vulnerabilities and take necessary measures proactively to keep their systems and congregants safe. By taking necessary precautions and staying up-to-date with the latest security trends, churches can maintain a secure and robust digital presence for their congregations and the wider community.