PT-2026-3251 · Connectwise · Connectwise Psa
Petar Sever
·
Published
2026-01-16
·
Updated
2026-02-23
·
CVE-2026-0695
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ConnectWise PSA versions prior to 2026.1
Description
ConnectWise PSA versions older than 2026.1 may allow stored script code to execute in a user’s browser. This occurs because Time Entry notes stored in the Time Entry Audit Trail are rendered without proper output encoding for certain content. Under specific conditions, this can lead to the execution of script code within the context of a user’s browser when the affected content is displayed.
Recommendations
Update to version 2026.1.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Connectwise Psa