CVE-2023-26842 Scanner
Detects a 'Cross-Site Scripting (XSS)' vulnerability in ChurchCRM affecting v. 4.5.3.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: Domain, IPv4
Toolbox: -
ChurchCRM is an open-source management system designed for churches. It is used to manage various church-related data including members, donations, and groups. With its intuitive interface and robust features, ChurchCRM aims to make managing church-related data easy and efficient. The system's main purpose is to increase church productivity and organization and to enhance overall growth.
However, ChurchCRM 4.5.3 was found to have a stored Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-26842. This vulnerability allows remote attackers to inject arbitrary web script or HTML via OptionManager.php. When exploited, it would allow attackers to obtain sensitive information about church members and may even allow them to take over the systems.
This vulnerability can lead to many disastrous consequences when exploited. Attackers can exploit it to launch phishing attacks against members of the church. They may also be able to access financial information, medical records, and any other sensitive data that the system may store. In the hands of black-hat hackers, this vulnerability could easily put the entire church system, its members, and their data at great risk.
In conclusion, s4e.io provides a comprehensive platform where you can learn about vulnerabilities within your digital assets. By taking advantage of their pro features, you can be sure that you will stay ahead of the game and protect against any potential vulnerabilities. Remember that timely updates, modern security measures, and user education can go a long way in protecting your church system and its members from any and all potential threats.