An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
References
Link | Resource |
---|---|
https://know.bishopfox.com/advisories | Third Party Advisory |
https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox | Third Party Advisory |
https://know.bishopfox.com/advisories/connectwise-control | Exploit Third Party Advisory |
https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox | Third Party Advisory |
https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-01-23 10:15
Updated : 2020-01-24 13:57
NVD link : CVE-2019-16512
Mitre link : CVE-2019-16512
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
connectwise
- control