CVE-2025-67875 | ChurchCRM up to 6.5.2 cross site scripting

December 18, 2025 Yanac

A vulnerability described as problematic has been identified in ChurchCRM up to 6.5.2. The affected element is an unknown function. Executing manipulation can lead to cross site scripting.

This vulnerability is registered as CVE-2025-67875. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More

CVE-2025-14364 | Demo Importer Plus Plugin up to 2.0.8 on WordPress Ajax::handle_request authorization
CVE-2025-68114 | capstone-engine capstone up to 6.0.0-Alpha5 SStream_concat buffer underflow