CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-11727

services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://becomepentester.blogspot.in/2017/07/ConnectWise-Manage-XSS-CVE-2017-11727.html
https://becomepentester.blogspot.in/2017/07/ConnectWise-Manage-XSS-CVE-2017-11727.html

Products affected by CVE-2017-11727

Connectwise » Manage » Version: 2017.5

cpe:2.3:a:connectwise:manage:2017.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11727

Products

Pricing

Contact Us