HIGH✓ PATCH🇬🇧 English

CVE-2026-0695

CVSS 8.7v3.1pub. 2026-01-16upd. 2026-01-27

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
  • Connectwise Professional Service Automation

    APP
    Connectwise
    < 2026.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2026-0696MEDIUM6.5ten sam produkt

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribut...

CVE-2025-7204MEDIUM6.5ten sam produkt

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain acc...

CVE-2024-1709CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Authentication Bypass w ConnectWise ScreenConnect — bezpośredni dostęp do systemów

CVE-2017-18362CRITICAL9.8⚠ KEVten sam vendor

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote comm...

CVE-2025-14265CRITICAL9.1PL ✓ten sam vendor

ConnectWise ScreenConnect — instalacja niezaufanych rozszerzeń z RCE

CVE-2026-0695 — HIGH 8.7 | CVEbaza.pl