A vulnerability identified as problematic has been detected in ChurchCRM up to 7.1.0 . The affected element is an unknown function. The manipulation of the argument entity leads to cross site scripting. This vulnerability is traded as CVE-2026-39335 . It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.