117 matches found
CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...
CVE-2026-22232
OPEXUS eCASE Audit contains a stored cross-site scripting vulnerability in the Project Setup function. An authenticated attacker can save JavaScript in the “A or SIC Number” field, which is then executed when another user views the project. This affects the eCASE Audit component prior to version ...
CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...
CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...
CVE-2026-22230 OPEXUS eCASE Audit incorrect access control
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...
CVE-2026-22230 OPEXUS eCASE Audit incorrect access control
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...
OPEXUS eCASE
RISK EVALUATION OPEXUS eCASE Audit contains multiple vulnerabilities. An authenticated attacker could bypass authorization or inject JavaScript that could be executed in the context of other users. 2. RECOMMENDED PRACTICES Update to eCase Audit v11.14.2.0 and eCase Platform v11.14.1.0. 3...
PT-2026-2174
Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the “A or SIC Number” field within the Project Setup functionality. This JavaScript is executed when another...
PT-2026-2172
Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.1.0 Description An authenticated attacker can modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The issue...
OPEXUS eComplaint 安全漏洞
OPEXUS eComplaint is a complaint and grievance management platform from OPEXUS USA. A security vulnerability exists in OPEXUS eComplaint versions prior to 9.0.45.0 that originates from an attacker being able to traverse the chargeNumber value, potentially resulting in a file download...
OPEXUS eCASE Audit 安全漏洞
OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Project Setup function, which could lead to cross-site scripting attacks...
OPEXUS eCASE Audit 安全漏洞
OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Estimated Staff Hours field, potentially leading to a cross-site scripting attack...
OPEXUS eCASE Audit 安全漏洞
OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Document Check Out feature, which could lead to cross-site scripting attacks...
OPEXUS eCasePortal 安全漏洞
OPEXUS eCasePortal is a case management platform from OPEXUS USA. A security vulnerability exists in OPEXUS eCasePortal versions prior to 9.0.45.0 that originates from an unauthenticated attacker being able to traverse the formid value, potentially leading to the download or deletion of files...
PT-2026-2175
Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Estimated Staff Hours field. This JavaScript is then executed when another user accesses...
PT-2026-2177
Name of the Vulnerable Software and Affected Versions OPEXUS eComplaint versions prior to 9.0.45.0 Description The application allows an attacker to access the 'DocumentOpen.aspx' endpoint and potentially download any uploaded files. This is possible by iterating through predictable values of the...
CVE-2025-62586 OPEXUS FOIAXpress unauthenticated administrator password reset
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...
CVE-2025-62586 OPEXUS FOIAXpress unauthenticated administrator password reset
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...
OPEXUS FOIAXpress 安全漏洞
OPEXUS FOIAXpress is an information disclosure management software from OPEXUS Corporation. A security vulnerability exists in OPEXUS FOIAXpress versions prior to 11.13.2.0 that originates from a remote unauthenticated attacker who can reset the administrator password...
CVE-2025-61999
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perfo...