Arbitrary JavaScript Code Execution via XSS in ConnectWise Manage 2017.5 Contact.rails
CVE-2017-11727 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
Learn more about our Contact.