← Volver a CVEs
CVE-2026-22232
MEDIUM5.5
Descripcion
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado1/8/2026
Ultima modificacion2/5/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
opexustech:ecase_audit
Debilidades (CWE)
CWE-79
Referencias
https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cve.org/CVERecord?id=CVE-2026-22232(9119a7d8-5eab-497f-8521-727c672e3725)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.