A vulnerability has been found in ChurchCRM up to 7.0.x and classified as problematic . This vulnerability affects unknown code. This manipulation of the argument Username causes basic cross site scripting. This vulnerability is tracked as CVE-2026-39344 . The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.