CVE-2026-0695

EPSS 0.01%
Veröffentlicht 16.01.2026 13:34:42
Zuletzt bearbeitet 27.01.2026 13:15:54
Quelle 7d616e1a-3288-43b1-a0dd-0a65d3
CVE-Watchlists
Login
Unerledigt
Login

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Connectwise ≫ Professional Service Automation Version < 2026.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.019

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
7d616e1a-3288-43b1-a0dd-0a65d3e70a49	8.7	2.3	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix

Vendor Advisory

https://www.themissinglink.com.au/security-advisories/cve-2026-0695

https://nvd.nist.gov/vuln/detail/CVE-2026-0695

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0695

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0695

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-0695