CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Churchcrm: >> Churchcrm >> 7.1.1 Security Vulnerabilities

CVE-2026-39335

ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1.

CVSS Score

6.1

EPSS Score

0.0

Published

2026-04-07

Page 1

Vulnerabilities

Vulnerable Software

Churchcrm: >> Churchcrm >> 7.1.1 Security Vulnerabilities

Products

Pricing

Contact Us