2 matches found
CVE-2017-11726
ConnectWise Manage 2017.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in services/system_io/actionprocessor/System.rails. The issue allows an attacker to induce unauthorized actions, demonstrated by changing an e-mail address setting. Public details across multiple sources confirm ...
CVE-2017-11727
ConnectWise Manage 2017.5 is affected by a cross-site scripting vulnerability in the component services/system_io/actionprocessor/Contact.rails, exploitable when a victim clicks a specially crafted link that leverages a ContactCommon field to inject arbitrary client-side JavaScript. The issue is ...