Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-0695
8.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months ago
  • @LeSuisse removed
    23 packages
    • mopsa
    • sipsak
    • sharpsat-td
    • purescript-psa
    • svndumpsanitizer
    • phpPackages.psalm
    • ocamlPackages.mopsa
    • php82Packages.psalm
    • php83Packages.psalm
    • php84Packages.psalm
    • haskellPackages.cpsa
    • python312Packages.tapsaff
    • python313Packages.tapsaff
    • nodePackages.purescript-psa
    • python312Packages.markupsafe
    • python312Packages.psautohint
    • terraform-providers.vpsfreecz_vpsadmin
    • python313Packages.types-markupsafe
    • python312Packages.types-markupsafe
    • nodePackages_latest.purescript-psa
    • terraform-providers.vpsadmin
    • python313Packages.psautohint
    • python313Packages.markupsafe
    2 months ago
  • @LeSuisse dismissed 2 months ago
Stored XSS in Time Entry Audit Trail

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

References

Affected products

PSA
  • ==All versions prior to 2026.1 
Does not impact a package available in nixpkgs