Home > Vulnerability Database > CVE-2020-28849

Mend.io Vulnerability Database

CVE-2020-28849

Date: August 11, 2023

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

Language: PHP

Severity Score

5.4

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-28849

Url: https://github.com/ChurchCRM/CRM/issues/5477

Url: https://www.mend.io/vulnerability-database/CVE-2020-28849

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2020-28849

Date: August 11, 2023

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?