Civicrm

1 CVEs product


CVE-2025-65187 MEDIUM POC PATCH This Month

A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.

XSS Ubuntu Debian Civicrm
NVD GitHub
CVSS 3.1: 6.1
EPSS: 0.1%
