A vulnerability described as problematic has been identified in ChurchCRM up to 6.5.2 . This impacts an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-35574 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.