Description

A stored cross-site scripting (XSS) vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field, and it executes whenever the page is viewed.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-02 | Updated 2025-12-02 | Assigner mitre

References

civicrm.com/

github.com/...ility-Disclosures/blob/main/CVE-2025-65187.pdf

cve.org (CVE-2025-65187)

nvd.nist.gov (CVE-2025-65187)
