CVE-2023-33661

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 29, 2023

Updated: Jul 6, 2023

CWE ID 79

Summary

CVE-2023-33661 is a newly identified cross-site scripting (XSS) vulnerability affecting Church CRM v4.5.3. This issue was discovered in three different components: GroupReports.php, GroupRole, ReportModel, and OnlyCart parameters. An attacker can leverage these vulnerabilities to inject malicious scripts into a victim's web browser, potentially stealing sensitive information or taking control of their account. Users are urged to upgrade to the latest version of Church CRM to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rz6eKH
https://www.cve.org/CVERecord?id=CVE-2023-33661
https://nvd.nist.gov/vuln/detail/CVE-2023-33661

Back to Vulnerability Database

CVE-2023-33661

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations