May 20, 2024 Information hub

Critical ConnectWise Vulnerability Explained

ConnectWise Manage, a popular business management software used by many IT companies and MSPs, was found to have a serious vulnerability that could potentially allow attackers to execute arbitrary JavaScript code on victim’s browsers. This vulnerability was discovered by security researcher from Securityium Pentester and was assigned CVE-2017-11727.


Vulnerability Details:

ConnectWise Manage is a web-based business management software that allows businesses to manage their workflow and automate their processes. The vulnerability discovered in ConnectWise Manage allows attackers to execute arbitrary client-side JavaScript code on victim’s browser when they click on a specially crafted link. This can allow attackers to perform various malicious activities such as session ID and data theft, bypassing CSRF protections, injection of iframes to establish communication channels and more.


The vulnerability exists in the ‘actionMessage’ parameter which is used to pass JSON data to the server-side application. Attackers can manipulate this parameter to include malicious JavaScript code, which will then be executed by the victim’s browser.


Exploit Code:

The following exploit code can be used to exploit this vulnerability: https://<domain>.com/v4_6_release/services/system_io/actionprocessor/Contact.rails?actionMessage=%7b%22payload%22%3a%22%7b%5c%22companyRecId%5c%22%3a19383%7d%22%2c%22payloadClassName%22%3a%22GetCompanyNameAction%vcdj%3cscript%3ealert(1111)%3c%5c%2fscript%3ex9uwe%22%7d&clientTimezoneOffset=-420&clientTimezoneName=Pacific+Standard+Time


Affected Component:

The vulnerability is present in the ‘actionMessage’ parameter which includes json parameters(ContactCommon) in ConnectWise Manage version v2017.5.


Severity Level:

This vulnerability has a high severity level as it can potentially allow attackers to execute arbitrary JavaScript code on victim’s browsers, leading to session ID and data theft, bypassing CSRF protections and more.


Disclosure Timeline:

The vulnerability was reported to Mitre on July 29, 2017, and was publicly disclosed on August 1, 2017.



To mitigate this vulnerability, users of ConnectWise Manage are advised to update to the latest version of the software which has the necessary security patches applied. Users should also be cautious when clicking on links from untrusted sources and should enable browser security features such as Content Security Policy (CSP) to prevent the execution of malicious JavaScript code.



The discovery of this vulnerability highlights the importance of regularly testing web applications for vulnerabilities and promptly applying necessary security patches to ensure the safety and security of sensitive data. Vulnerabilities such as CVE-2017-11727 can be exploited by attackers to perform various malicious activities and can have serious consequences for businesses and individuals alike.

Recent Stories


Supply Chain Management in Cybersecurity

Jul 4, 2024 Information hub

Protect your business from supply chain attacks with Securityium's comprehensive strategies and insights on mitigating cybersecurity risks effectively.


Vendor Impersonation Threat in IT Security

Jun 27, 2024 Information hub

Protect your business from phishing attacks with Securityium's insights on preventing cyber threats through robust IT security measures and training.


Preventing Phishing-Induced Data Breach

Jun 20, 2024 Information hub

Prevent data breaches with Securityium's insights on phishing risks, breach causes at Dropbox, and proactive cybersecurity measures.

Protect your business assets and data with Securityium's comprehensive IT security solutions!