Arbitrary JavaScript Code Execution via XSS in ConnectWise Manage 2017.5 Contact.rails

CVE-2017-11727 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
