CVE-2025-68399 | ChurchCRM up to 6.5.3 GroupEditor.php cross site scripting

A vulnerability, which was classified as problematic, has been found in ChurchCRM up to 6.5.3. The affected element is an unknown function of the file GroupEditor.php. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2025-68399. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More