Unrated severityOSV Advisory· Published Dec 2, 2025· Updated Dec 2, 2025
CVE-2025-65187
CVE-2025-65187
Description
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.