CVE 8.7 HIGH

Stored XSS in Time Entry Audit Trail_CVE-2026-0695

January 16, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

AI Analysis

Stored Cross-Site Scripting (XSS) vulnerability in Time Entry Audit Trail, allowing stored script code to execute in the context of a user's browser

Basic Information

ID CVE-2026-0695

Source ConnectWise

Published Jan 16, 2026 at 13:34

Modified Jan 16, 2026 at 14:07

Affected Product

Vendor ConnectWise

Product PSA

Version All versions prior to 2026.1

Affected Versions ConnectWise PSA All versions prior to 2026.1

CWE Classification

CWE-79

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor ConnectWise

Product ConnectWise PSA

Version All versions prior to 2026.1

References

www.connectwise.com /company/trust/security-bulletins/2026-01-15-psa-security-fix

{
    "lastseen": "",
    "description": "In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user\u2019s browser when the affected content is displayed.",
    "published": "2026-01-16T13:34:42.833Z",
    "modified": "2026-01-16T14:07:48.888Z",
    "type": "cve",
    "title": "Stored XSS in Time Entry Audit Trail",
    "source": "ConnectWise",
    "references": "https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix",
    "id": "CVE-2026-0695",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "ConnectWise PSA All versions prior to 2026.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PSA",
    "version": "All versions prior to 2026.1",
    "vendor": "ConnectWise",
    "ai_description": "Stored Cross-Site Scripting (XSS) vulnerability in Time Entry Audit Trail, allowing stored script code to execute in the context of a user's browser",
    "ai_severity": "High",
    "ai_vendor": "ConnectWise",
    "ai_product": "ConnectWise PSA",
    "ai_version": "All versions prior to 2026.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply