← volver
CVE-2026-22232

OPEXUS eCASE Audit Project Setup stored XSS

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Productos afectados
OPEXUS · eCASE Audit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdfhttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.jsonhttps://www.cve.org/CVERecord?id=CVE-2026-22232