CVE-2020-28849

Description

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

Related CPE's

a churchcrm churchcrm ********

References

https://github.com/ChurchCRM/CRM/issues/5477

ExploitIssue Tracking

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io