CVE-2026-26059
ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue.
| CWE | CWE-79 |
| Vendor | churchcrm |
| Product | crm |
| Published | Feb 19, 2026 |
| Last Updated | Feb 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for churchcrm crm
Be the first to know when new unknown vulnerabilities affecting churchcrm crm are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
ChurchCRM / CRM
< 6.8.1