Cross site scripting

2017-07-3123:29:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

JSON

services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.

CPENameOperatorVersion
manageeq2017.5

CPE	Name	Operator	Version
	manage	eq	2017.5

References

becomepentester.blogspot.in/2017/07/ConnectWise-Manage-XSS-CVE-2017-11727.html