← back
CVE-2026-22232

OPEXUS eCASE Audit Project Setup stored XSS

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
OPEXUS · eCASE Audit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdfhttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.jsonhttps://www.cve.org/CVERecord?id=CVE-2026-22232