CVE-2017-11727

{"id": "CVE-2017-11727", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-07-31T23:29:00.287", "references": [{"url": "https://becomepentester.blogspot.in/2017/07/ConnectWise-Manage-XSS-CVE-2017-11727.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://becomepentester.blogspot.in/2017/07/ConnectWise-Manage-XSS-CVE-2017-11727.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS."}, {"lang": "es", "value": "services/system_io/actionprocessor/Contact.rails en ConnectWise Manage 2017.5 permite la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario del lado del cliente (involucrando un campo ContactCommon) sobre las v\u00edctimas que pulsen en un enlace manipulado. Esto tambi\u00e9n se conoce como Cross-Site Scripting (XSS)."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:connectwise:manage:2017.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F7D675E-3896-4360-9149-AF29DD568AF7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}