CVE-2025-1024 (GCVE-0-2025-1024)
Vulnerability from cvelistv5
Published
2025-02-19 08:34
Modified
2025-02-19 19:40
Severity ?
8.4 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/AU:Y/R:U/V:C/RE:L/U:Amber
CWE
  • CWE-287 - Improper Authentication
Summary
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.
References
b7efe717-a805-47cf-8e9a-921fca0ce0cehttps://github.com/ChurchCRM/CRM/issues/7250Exploit, Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
ChurchCRM ChurchCRM Version: ChurchCRM 5.13.0 and prior
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1024",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T19:38:55.988956Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T19:40:43.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ChurchCRM",
          "vendor": "ChurchCRM",
          "versions": [
            {
              "status": "affected",
              "version": "ChurchCRM 5.13.0 and prior"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael McInerney"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in \u003c/span\u003e\u003cstrong\u003eChurchCRM 5.13.0\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;that allows an attacker to execute arbitrary JavaScript in a victim\u0027s browser via Reflected Cross-Site Scripting (XSS) in the \u003c/span\u003e\u003cstrong\u003eEditEventAttendees.php\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability exists in ChurchCRM 5.13.0\u00a0that allows an attacker to execute arbitrary JavaScript in a victim\u0027s browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php\u00a0page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-102",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-102 Session Sidejacking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/AU:Y/R:U/V:C/RE:L/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T08:34:55.967Z",
        "orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
        "shortName": "Gridware"
      },
      "references": [
        {
          "url": "https://github.com/ChurchCRM/CRM/issues/7250"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo mitigate this vulnerability, implement output encoding to prevent malicious script injection in user-controlled input fields, ensure that session cookies are set with the HttpOnly and Secure flags to protect them from client-side access, and validate and sanitize user input before reflecting it in web pages.\u003c/p\u003e"
            }
          ],
          "value": "To mitigate this vulnerability, implement output encoding to prevent malicious script injection in user-controlled input fields, ensure that session cookies are set with the HttpOnly and Secure flags to protect them from client-side access, and validate and sanitize user input before reflecting it in web pages."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
    "assignerShortName": "Gridware",
    "cveId": "CVE-2025-1024",
    "datePublished": "2025-02-19T08:34:55.967Z",
    "dateReserved": "2025-02-04T10:31:53.126Z",
    "dateUpdated": "2025-02-19T19:40:43.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-1024\",\"sourceIdentifier\":\"b7efe717-a805-47cf-8e9a-921fca0ce0ce\",\"published\":\"2025-02-19T09:15:10.280\",\"lastModified\":\"2025-02-25T21:50:07.637\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability exists in ChurchCRM 5.13.0\u00a0that allows an attacker to execute arbitrary JavaScript in a victim\u0027s browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php\u00a0page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad en ChurchCRM 5.13.0 que permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario en el navegador de una v\u00edctima a trav\u00e9s de Cross-Site Scripting (XSS) Reflejado en la p\u00e1gina EditEventAttendees.php. Esto requiere privilegios de administraci\u00f3n y afecta al par\u00e1metro EID. La falla permite a un atacante robar cookies de sesi\u00f3n, realizar acciones en nombre de un usuario autenticado y obtener acceso no autorizado a la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"b7efe717-a805-47cf-8e9a-921fca0ce0ce\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"LOW\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"HIGH\",\"subsequentSystemIntegrity\":\"LOW\",\"subsequentSystemAvailability\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"YES\",\"recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"LOW\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"b7efe717-a805-47cf-8e9a-921fca0ce0ce\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.13.0\",\"matchCriteriaId\":\"552A51B0-B2AE-4A12-BF43-DDCE1D8A29D2\"}]}]}],\"references\":[{\"url\":\"https://github.com/ChurchCRM/CRM/issues/7250\",\"source\":\"b7efe717-a805-47cf-8e9a-921fca0ce0ce\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1024\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-19T19:38:55.988956Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-19T19:40:31.852Z\"}}], \"cna\": {\"title\": \"Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Michael McInerney\"}], \"impacts\": [{\"capecId\": \"CAPEC-102\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-102 Session Sidejacking\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 8.4, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/AU:Y/R:U/V:C/RE:L/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ChurchCRM\", \"product\": \"ChurchCRM\", \"versions\": [{\"status\": \"affected\", \"version\": \"ChurchCRM 5.13.0 and prior\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"To mitigate this vulnerability, implement output encoding to prevent malicious script injection in user-controlled input fields, ensure that session cookies are set with the HttpOnly and Secure flags to protect them from client-side access, and validate and sanitize user input before reflecting it in web pages.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eTo mitigate this vulnerability, implement output encoding to prevent malicious script injection in user-controlled input fields, ensure that session cookies are set with the HttpOnly and Secure flags to protect them from client-side access, and validate and sanitize user input before reflecting it in web pages.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://github.com/ChurchCRM/CRM/issues/7250\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability exists in ChurchCRM 5.13.0\\u00a0that allows an attacker to execute arbitrary JavaScript in a victim\u0027s browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php\\u00a0page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA vulnerability exists in \u003c/span\u003e\u003cstrong\u003eChurchCRM 5.13.0\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;that allows an attacker to execute arbitrary JavaScript in a victim\u0027s browser via Reflected Cross-Site Scripting (XSS) in the \u003c/span\u003e\u003cstrong\u003eEditEventAttendees.php\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"b7efe717-a805-47cf-8e9a-921fca0ce0ce\", \"shortName\": \"Gridware\", \"dateUpdated\": \"2025-02-19T08:34:55.967Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-1024\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-19T19:40:43.255Z\", \"dateReserved\": \"2025-02-04T10:31:53.126Z\", \"assignerOrgId\": \"b7efe717-a805-47cf-8e9a-921fca0ce0ce\", \"datePublished\": \"2025-02-19T08:34:55.967Z\", \"assignerShortName\": \"Gridware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.