Impact
This vulnerability is an improper neutralization of input during web page generation in the ConnectWise Technology Integration configuration of WatchGuard Fireware OS. The flaw allows attackers to inject JavaScript that is stored and later rendered in the web interface, enabling stored cross-site scripting. The primary impact is that an attacker can run arbitrary scripts in the browser context of any user who views the configuration containing the injected script, potentially leading to credential theft, session hijacking, or defacement of the management console. The weakness is identified as CWE-79.
Affected Systems
The affected product is WatchGuard Fireware OS. Vulnerable releases include versions 12.4 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2.
Risk and Exploitability
The CVSS base score is 4.8, indicating moderate severity. EPSS is not available and the vulnerability is not listed in CISA KEV. Because the flaw requires an authenticated user with privileges to modify the ConnectWise Technology Integration settings, the likelihood of exploitation without such credentials is limited. However, if privileged access is gained, stored XSS can be leveraged to execute malicious code in any browser that displays the compromised configuration.