Cross-site scripting in Fireware OS - CVE-2026-13374
Published: July 3, 2026
Fireware OS
Detailed vulnerability description
The vulnerability allows a remote user to perform stored cross-site scripting.
The vulnerability exists due to cross-site scripting in the ConnectWise Technology Integration module when generating web pages with user-supplied input. A remote privileged user can inject a crafted payload to perform stored cross-site scripting.
This issue is described as an additional unmitigated attack path for CVE-2025-13937.