Security Notice: Deadline Submission #6138
Comments
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 15 days with no activity.
From the URL in case it goes away:

Reflected XSS at Cart View in churchcrm/crm

Description
ChurchCRM prior to version <= 4.4.5 is vulnerable to cross-site scripting specifically at the cart view under dashboard.

Proof of Concept
Log in to dashboard

Impact
The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker, and an attacker could send malicious requests on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site.

Occurrences
Hi CRM team,
I reported a vulnerability through the huntr platform and I believe that the huntr team has forwarded it to the official channel on the security policy page.
We understand that addressing vulnerabilities takes time and effort, but we haven't received any updates from the CRM team since 148 days ago. Can you please provide an explanation for the delay?
If we do not receive a response within the next week, we will be releasing a related advisory.
Maintainers with write access can view the submission by clicking on the following link:
https://huntr.dev/bounties/0ae3bbec-4a4f-41a6-8893-d40f3a838930/
Best!
Dwi