Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 18, 2025
ChurchCRM vulnerable to Stored XSS - Group name > Person Listing
CVE-2025-68275
Description
ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a stored cross-site scripting vulnerability on the pages View Active People, View Inactive people, and View All People. Version 6.5.3 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/ChurchCRM/CRM/security/advisories/GHSA-3q97-q4hv-gxwrmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.