13 matches found

NVD
added 2026/01/08 6:16 p.m. · 5 views

CVE-2026-22233

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5 CVSS · 0.00006 EPSS
Exploits 0 · References 3
OSV
added 2026/01/08 6:16 p.m. · 3 views

CVE-2026-22233

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.4 CVSS · 5.8 AI score · 0.00006 EPSS
Exploits 0 · References 3
Cvelist
added 2026/01/08 5:11 p.m. · 19 views

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5 CVSS · 0.00006 EPSS
Exploits 0 · References 3
Vulnrichment
added 2026/01/08 5:11 p.m. · 4 views

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5 CVSS · 6.3 AI score · 0.00006 EPSS
Exploits 0 · References 3
CVE
added 2026/01/08 5:11 p.m. · 9 views

CVE-2026-22233

Issue overview: OPEXUS eCASE Audit is vulnerable to a stored XSS when an authenticated user saves JavaScript in the Estimated Staff Hours field. When another user visits the Project Cost tab, the injected script executes in their browser. Affected software/versions: OPEXUS eCASE Audit (versions...

5.5 CVSS · 6.3 AI score · 0.00006 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2026/01/08 12:0 a.m. · 4 views

PT-2026-2175

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Estimated Staff Hours field. This JavaScript is then executed when another user accesses...

5.5 CVSS · 5.8 AI score · 0.00006 EPSS
Exploits 0 · References 7
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24790

Malicious code in bioql PyPI...

7.1 CVSS · 6.5 AI score · 0.00226 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/14 10:34 a.m. · 1 views

CVE-2025-52775 WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through 1.0.0...

7.1 CVSS · 7.1 AI score · 0.00226 EPSS
Exploits 0 · References 1
CVE
added 2025/08/14 10:34 a.m. · 11 views

CVE-2025-52775

CVE-2025-52775 concerns the WordPress plugin Project Cost Calculator (versions ≤ 1.0.0). The issue is a missing/broken authorization flaw caused by incorrectly configured access control security levels, enabling unauthorized access to cost calculator data. CVSS v3.1 metrics: AV:N, AC:L, PR:L, UI...

7.1 CVSS · 5.9 AI score · 0.00226 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/14 10:34 a.m. · 8 views

CVE-2025-52775 WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through = 1.0.0...

7.1 CVSS · 0.00226 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/14 12:0 a.m. · 2 views

PT-2025-33213 · WordPress · Project Cost Calculator

Name of the Vulnerable Software and Affected Versions: Ronik@UnlimitedWP Project Cost Calculator versions through 1.0.0 Description: A missing authorization flaw exists in Ronik@UnlimitedWP Project Cost Calculator due to incorrectly configured access control security levels. Recommendations: At t...

7.1 CVSS · 6.9 AI score · 0.00226 EPSS
Exploits 0 · References 3
CNNVD
added 2025/08/14 12:0 a.m. · 0 views

WordPress plugin Project Cost Calculator security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.1 CVSS · 6.5 AI score · 0.00226 EPSS
Exploits 0 · References 1
Code423n4
added 2022/08/06 12:0 a.m. · 11 views

Calculating project cost is vulnerable to reaching block gas-limit

Lines of code Vulnerability details Impact The function Project.projectCost calculates the project costs by calculating the sum of all project task costs. However, due to the unbound for loop, iterating over a potentially large amount of project tasks, this function can potentially DoS due to...

6.8 AI score
Exploits 0