Stored XSS Vulnerability in ConnectWise Control by ConnectWise
CVE-2019-16512

4.8MEDIUM

Key Information:

Vendor

Connectwise
Status
Control
Vendor
CVE Published:
23 January 2020

What is CVE-2019-16512?

A stored Cross-Site Scripting (XSS) vulnerability was identified in ConnectWise Control, specifically affecting version 19.3.25270.7185. This issue arises in the Appearance modifier component, allowing malicious users to inject arbitrary JavaScript code that could be executed by other users who access the affected functionalities. This vulnerability could lead to unauthorized actions being performed on behalf of the user or the disclosure of sensitive information. Organizations using this version should ensure they apply security best practices and review their configurations to mitigate potential exploits.

References

https://know.bishopfox.com/advisories
x_refsource_MISC
https://know.bishopfox.com/advisories/connectwise-control
x_refsource_MISC
https://blog.huntresslabs.com/validating-the-bishop-fox-f...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.