A vulnerability classified as problematic was found in ChurchCRM up to 6.5.2 . Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-35575 . The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.