OPEXUS eCASE Audit Project Setup stored XSS_CVE-2026-22232

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.

Basic Information

ID CVE-2026-22232

Source cisa-cg

Published Jan 8, 2026 at 17:10

Modified Jan 8, 2026 at 17:51

Affected Product

Vendor OPEXUS

Product eCASE Audit

Version 11.4.0

Affected Versions OPEXUS eCASE Audit 11.4.0

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the \"A or SIC Number\" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.",
    "published": "2026-01-08T17:10:41.189Z",
    "modified": "2026-01-08T17:51:05.746Z",
    "type": "cve",
    "title": "OPEXUS eCASE Audit Project Setup stored XSS",
    "source": "cisa-cg",
    "references": "https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdf\nhttps://www.cve.org/CVERecord?id=CVE-2026-22232\nhttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json",
    "id": "CVE-2026-22232",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "OPEXUS eCASE Audit 11.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "eCASE Audit",
    "version": "11.4.0",
    "vendor": "OPEXUS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}