EUVD-2026-13128

🗓️ 19 Mar 2026 18:31:18Reported by EUVDType

Authenticated attacker can inject cross site scripting via first or last name on My Information; payload runs in victim session.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-32868	19 Mar 202615:48	–	attackerkb
Circl	CVE-2026-32868	19 Mar 202618:38	–	circl
CNNVD	OPEXUS eComplaint和OPEXUS eCASE 安全漏洞	19 Mar 202600:00	–	cnnvd
CVE	CVE-2026-32868	19 Mar 202615:48	–	cve
Cvelist	CVE-2026-32868 OPEXUS eComplaint and eCASE XSS via my information	19 Mar 202615:48	–	cvelist
NVD	CVE-2026-32868	19 Mar 202616:16	–	nvd
Positive Technologies	PT-2026-26310	19 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-32868	26 Mar 202615:10	–	redhatcve
Vulnrichment	CVE-2026-32868 OPEXUS eComplaint and eCASE XSS via my information	19 Mar 202615:48	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "f393b6ed-7749-30fb-af6a-1b6c322ccc22",
        "vendor": {
          "name": "OPEXUS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5e45bdc0-710a-3511-8a2f-bc48a4133e69",
        "product": {
          "name": "eComplaint"
        },
        "product_version": ""
      },
      {
        "id": "6a4e1214-b835-3a0c-8ed3-b290251fed32",
        "product": {
          "name": "eCASE"
        },
        "product_version": "0 <10.2.0.0"
      },
      {
        "id": "cac88c8c-ce62-33f6-bd98-664c3ee88b2b",
        "product": {
          "name": "eComplaint"
        },
        "product_version": "0 <10.2.0.0"
      },
      {
        "id": "dab44efc-f415-37f8-9a2b-81be4ea53d74",
        "product": {
          "name": "eCASE"
        },
        "product_version": ""
      }
    ]
  }
]

Source	Link
cve	www.cve.org/CVERecord
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-077-01.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-32868

19 Mar 2026 18:31Current

5.8Medium risk

Vulners AI Score5.8

CVSS 45.1

CVSS 3.15.5

EPSS0.00141

SSVC