A vulnerability, which was classified as problematic , was found in ChurchCRM up to 6.x . This affects an unknown part. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-35576 . The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.