Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36 matches found

RedhatCVE
RedhatCVEadded 2026/03/26 3:11 p.m.2 views

CVE-2026-32866

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:10 p.m.3 views

CVE-2026-32868

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:10 p.m.3 views

CVE-2026-32869

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:10 p.m.1 views

CVE-2026-32867

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

5.4CVSS5.9AI score0.00091EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:2 p.m.2 views

CVE-2026-32865

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS5.9AI score0.00062EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/19 6:31 p.m.3 views

EUVD-2026-13130

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References3
NVD
NVDadded 2026/03/19 4:16 p.m.2 views

CVE-2026-32869

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

5.5CVSS0.00039EPSS
Exploits0References2
NVD
NVDadded 2026/03/19 4:16 p.m.2 views

CVE-2026-32866

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...

5.5CVSS0.00039EPSS
Exploits0References2
NVD
NVDadded 2026/03/19 4:16 p.m.2 views

CVE-2026-32868

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...

5.5CVSS0.00039EPSS
Exploits0References2
NVD
NVDadded 2026/03/19 4:16 p.m.2 views

CVE-2026-32865

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS0.00062EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/19 3:49 p.m.22 views

CVE-2026-32869 OPEXUS eComplaint and eCASE XSS via Name of Organization field

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information...

5.5CVSS0.00039EPSS
Exploits0References2
CVE
CVEadded 2026/03/19 3:49 p.m.5 views

CVE-2026-32869

CVE-2026-32869 affects OPEXUS eComplaint and eCASE prior to 10.2.0.0. The issue is improper sanitization of the Name of Organization field in case information, allowing an authenticated attacker to inject an XSS payload executed in the victim’s session when visiting the case information page. The...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/03/19 3:48 p.m.11 views

CVE-2026-32868

CVE-2026-32868 affects OPEXUS eComplaint and eCASE prior to 10.2.0.0. The issue is improper sanitization of the first and last name fields on the My Information screen, enabling an authenticated attacker to inject an XSS payload that executes when the full name is rendered in the victim’s session...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/19 3:48 p.m.4 views

CVE-2026-32868 OPEXUS eComplaint and eCASE XSS via my information

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/19 3:48 p.m.2 views

CVE-2026-32868

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/19 3:48 p.m.3 views

CVE-2026-32867 OPEXUS eComplaint unauthenticated file upload

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

5.4CVSS5.9AI score0.00091EPSS
Exploits0References2
CVE
CVEadded 2026/03/19 3:48 p.m.5 views

CVE-2026-32867

CVE-2026-32867 affects OPEXUS eComplaint prior to version 10.1.0.0. An unauthenticated attacker can obtain or guess an existing case number and upload arbitrary files through Portal/EEOC/DocumentUploadPub.aspx, causing unexpected files to appear in cases and potentially increasing storage usage. ...

9.8CVSS5.9AI score0.00091EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/03/19 3:48 p.m.21 views

CVE-2026-32866 OPEXUS eComplaint and eCase stored XSS via profile first and last name

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...

5.5CVSS0.00039EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/19 3:48 p.m.1 views

CVE-2026-32866 OPEXUS eComplaint and eCase stored XSS via profile first and last name

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...

5.5CVSS5.8AI score0.00039EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/19 3:47 p.m.17 views

CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS0.00062EPSS
Exploits0References2
Rows per page
Query Builder