Lucene search
+L

117 matches found

Cvelist
Cvelist
added 2026/01/08 5:11 p.m.25 views

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5CVSS0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/01/08 5:10 p.m.15 views

CVE-2026-22232

OPEXUS eCASE Audit contains a stored cross-site scripting vulnerability in the Project Setup function. An authenticated attacker can save JavaScript in the “A or SIC Number” field, which is then executed when another user views the project. This affects the eCASE Audit component prior to version ...

5.5CVSS6.3AI score0.00207EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/08 5:10 p.m.24 views

CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

5.5CVSS0.00207EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 5:10 p.m.5 views

CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

5.5CVSS6.3AI score0.00207EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 5:10 p.m.4 views

CVE-2026-22230 OPEXUS eCASE Audit incorrect access control

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

7.6CVSS6.4AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/08 5:10 p.m.23 views

CVE-2026-22230 OPEXUS eCASE Audit incorrect access control

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0...

7.6CVSS0.00285EPSS
Exploits0References3
ICS
ICS
added 2026/01/08 4:36 p.m.10 views

OPEXUS eCASE

RISK EVALUATION OPEXUS eCASE Audit contains multiple vulnerabilities. An authenticated attacker could bypass authorization or inject JavaScript that could be executed in the context of other users. 2. RECOMMENDED PRACTICES Update to eCase Audit v11.14.2.0 and eCase Platform v11.14.1.0. 3...

7.6CVSS6.7AI score0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.12 views

PT-2026-2174

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the “A or SIC Number” field within the Project Setup functionality. This JavaScript is executed when another...

5.5CVSS6.5AI score0.00207EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.13 views

PT-2026-2172

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.1.0 Description An authenticated attacker can modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The issue...

7.6CVSS6.5AI score0.00285EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.6 views

OPEXUS eComplaint 安全漏洞

OPEXUS eComplaint is a complaint and grievance management platform from OPEXUS USA. A security vulnerability exists in OPEXUS eComplaint versions prior to 9.0.45.0 that originates from an attacker being able to traverse the chargeNumber value, potentially resulting in a file download...

8.7CVSS6.6AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.7 views

OPEXUS eCASE Audit 安全漏洞

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Project Setup function, which could lead to cross-site scripting attacks...

5.5CVSS5.9AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.7 views

OPEXUS eCASE Audit 安全漏洞

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Estimated Staff Hours field, potentially leading to a cross-site scripting attack...

5.5CVSS6AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

OPEXUS eCASE Audit 安全漏洞

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Document Check Out feature, which could lead to cross-site scripting attacks...

5.5CVSS5.9AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.7 views

OPEXUS eCasePortal 安全漏洞

OPEXUS eCasePortal is a case management platform from OPEXUS USA. A security vulnerability exists in OPEXUS eCasePortal versions prior to 9.0.45.0 that originates from an unauthenticated attacker being able to traverse the formid value, potentially leading to the download or deletion of files...

9.8CVSS6.8AI score0.00375EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.10 views

PT-2026-2175

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Estimated Staff Hours field. This JavaScript is then executed when another user accesses...

5.5CVSS5.8AI score0.00207EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.13 views

PT-2026-2177

Name of the Vulnerable Software and Affected Versions OPEXUS eComplaint versions prior to 9.0.45.0 Description The application allows an attacker to access the 'DocumentOpen.aspx' endpoint and potentially download any uploaded files. This is possible by iterating through predictable values of the...

8.7CVSS6.7AI score0.00324EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/16 5:20 p.m.15 views

CVE-2025-62586 OPEXUS FOIAXpress unauthenticated administrator password reset

OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...

9.8CVSS0.00672EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/16 5:20 p.m.6 views

CVE-2025-62586 OPEXUS FOIAXpress unauthenticated administrator password reset

OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0...

9.8CVSS6.6AI score0.00672EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.10 views

OPEXUS FOIAXpress 安全漏洞

OPEXUS FOIAXpress is an information disclosure management software from OPEXUS Corporation. A security vulnerability exists in OPEXUS FOIAXpress versions prior to 11.13.2.0 that originates from a remote unauthenticated attacker who can reset the administrator password...

9.8CVSS6.3AI score0.00672EPSS
Exploits0References3
OSV
OSV
added 2025/10/08 12:15 a.m.6 views

CVE-2025-61999

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perfo...

4.8CVSS5.8AI score0.00225EPSS
Exploits0References3
Rows per page
Query Builder