Cross-Site Scripting Vulnerability in ConnectWise Manage by ConnectWise

CVE-2017-11727

What is CVE-2017-11727?

In ConnectWise Manage version 2017.5, a vulnerability exists within the services/system_io/actionprocessor/Contact.rails component that allows attackers to execute arbitrary client-side JavaScript code. This occurs when users click on a specially crafted link, leading to potential security breaches, data exposure, and manipulation of user sessions.

References