
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.

Published:

2 June 2026 at 22:00:00

Alert date:

3 June 2026 at 20:02:27

Source:

nvd.nist.gov

Web Technologies, Enterprise Applications

RockRMS versions 16.13 and before version 17.7.0 contain a Cross Site Scripting (XSS) vulnerability in the Social Media links functionality within user profiles. This vulnerability allows attackers to inject malicious scripts that execute when other users view the affected profile. The XSS can potentially lead to privilege escalation within the RockRMS system. The vulnerability affects multiple versions of the church management software and has been assigned CVE-2026-36748. Users should upgrade to version 17.7.0 or later to mitigate this security issue.

Affected products:

RockRMS

This article was created with the assistance of AI technology by Perceptive.
