Discovered by Petar Sever on behalf of The Missing Link Security
ConnectWise PSA prior to 2026.1 is vulnerable to a stored cross-site scripting attack via the Time Entry Audit Trail component. Under specific conditions, this may allow an attacker to hijack a victim user’s session and perform actions in their security context.
Before 2026.1
Fixed in: 2026.1
The Missing Link acknowledges the Traditional Owners of the land where we work and live. We pay our respects to Elders past, present and emerging. We celebrate the stories, culture and traditions of Aboriginal and Torres Strait Islanders of all communities who also work and live on this land.