6 matches found
CVE-2026-22233
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...
CVE-2026-22232
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0...
CVE-2026-22233
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...
CVE-2026-22232
OPEXUS eCASE Audit contains a stored cross-site scripting vulnerability in the Project Setup function. An authenticated attacker can save JavaScript in the “A or SIC Number” field, which is then executed when another user views the project. This affects the eCASE Audit component prior to version ...
PT-2026-2174
Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the “A or SIC Number” field within the Project Setup functionality. This JavaScript is executed when another...
PT-2026-2175
Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Estimated Staff Hours field. This JavaScript is then executed when another user accesses...