Nixpkgs security tracker
8.7 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
23 packages
- mopsa
- sipsak
- sharpsat-td
- purescript-psa
- svndumpsanitizer
- phpPackages.psalm
- ocamlPackages.mopsa
- php82Packages.psalm
- php83Packages.psalm
- php84Packages.psalm
- haskellPackages.cpsa
- python312Packages.tapsaff
- python313Packages.tapsaff
- nodePackages.purescript-psa
- python312Packages.markupsafe
- python312Packages.psautohint
- terraform-providers.vpsfreecz_vpsadmin
- python313Packages.types-markupsafe
- python312Packages.types-markupsafe
- nodePackages_latest.purescript-psa
- terraform-providers.vpsadmin
- python313Packages.psautohint
- python313Packages.markupsafe
- @LeSuisse dismissed
Stored XSS in Time Entry Audit Trail
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.
References
Affected products
- ==All versions prior to 2026.1
Ignored packages (23)
pkgs.mopsa
A Modular and Open Platform for Static Analysis using Abstract Interpretation
pkgs.sipsak
SIP Swiss army knife
pkgs.sharpsat-td
Fast solver for the #SAT model counting problem
-
nixos-unstable 0-unstable-2021-09-05
- nixpkgs-unstable 0-unstable-2021-09-05
- nixos-unstable-small 0-unstable-2021-09-05
pkgs.purescript-psa
Error/Warning reporting frontend for psc
pkgs.svndumpsanitizer
Alternative to svndumpfilter that discovers which nodes should actually be kept
pkgs.phpPackages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.ocamlPackages.mopsa
Modular and Open Platform for Static Analysis using Abstract Interpretation
pkgs.php82Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.php83Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.php84Packages.psalm
Static analysis tool for finding errors in PHP applications
pkgs.haskellPackages.cpsa
Symbolic cryptographic protocol analyzer
pkgs.python312Packages.tapsaff
Provides an API for requesting information from taps-aff.co.uk
pkgs.python313Packages.tapsaff
Provides an API for requesting information from taps-aff.co.uk
pkgs.nodePackages.purescript-psa
Error/Warning reporting frontend for psc
pkgs.python312Packages.markupsafe
Implements a XML/HTML/XHTML Markup safe string
pkgs.python312Packages.psautohint
Script to normalize the XML and other data inside of a UFO
pkgs.python313Packages.markupsafe
Implements a XML/HTML/XHTML Markup safe string
pkgs.python313Packages.psautohint
Script to normalize the XML and other data inside of a UFO
pkgs.terraform-providers.vpsadmin
None
pkgs.nodePackages_latest.purescript-psa
Error/Warning reporting frontend for psc
pkgs.python312Packages.types-markupsafe
Typing stubs for MarkupSafe
pkgs.python313Packages.types-markupsafe
Typing stubs for MarkupSafe
pkgs.terraform-providers.vpsfreecz_vpsadmin
None