How severe is CVE-2025-0981?

This vulnerability has a severity rating of HIGH with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2025-0981?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2025-0981 - HIGH Severity | CVSS 6.1

Vulnerability Description

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. This allows admin users to inject malicious JavaScript in the description field, which captures the session cookie of authenticated users. The cookie can then be sent to an external server, enabling session hijacking. It can also lead to information disclosure, as exposed session cookies can be used to impersonate users and gain unauthorised access to sensitive information.

Related Vulnerabilities

CVE-2013-5114

MEDIUM

CVSS:6.1(Medium)

LastPass prior to 2.5.1 allows secure wipe bypass.

CWE-2872013

CVE-2017-6722

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legit...

CWE-2872017

CVE-2021-1543

MEDIUM

CVSS:6.1(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co...

CWE-2872021

CVE-2021-1571

MEDIUM

CVSS:6.1(Medium)

CWE-2872021

CVE-2021-25389

MEDIUM

CVSS:6.1(Medium)

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.

CWE-2872021

CVE-2019-3584

MEDIUM

CVSS:6.0(Medium)

Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove M...

CWE-2872019