CVE-2026-40593 | ChurchCRM up to 7.1.x User Editor UserEditor.php htmlspecialchars cross site scripting (GHSA-7h46-9f64-p49q)

A vulnerability labeled as problematic has been found in ChurchCRM up to 7.1.x. The affected element is the function htmlspecialchars of the file UserEditor.php of the component User Editor. Executing a manipulation can lead to cross site scripting.

The identification of this vulnerability is CVE-2026-40593. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More