PT-2026-3251 · Connectwise · Connectwise Psa
Petar Sever
·
Publicado
2026-01-16
·
Atualizado
2026-02-23
·
CVE-2026-0695
CVSS v3.1
8.7
Alta
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ConnectWise PSA versions prior to 2026.1
Description
ConnectWise PSA versions older than 2026.1 may allow stored script code to execute in a user’s browser. This occurs because Time Entry notes stored in the Time Entry Audit Trail are rendered without proper output encoding for certain content. Under specific conditions, this can lead to the execution of script code within the context of a user’s browser when the affected content is displayed.
Recommendations
Update to version 2026.1.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Connectwise Psa