Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 18, 2025
ChurchCRM vulnerable to Stored XSS - Group name > Person Listing
CVE-2025-68275
Description
ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a stored cross-site scripting vulnerability on the pages View Active People, View Inactive people, and View All People. Version 6.5.3 fixes the issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/ChurchCRM/CRM/security/advisories/GHSA-3q97-q4hv-gxwrmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.