Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Jan 8, 2026

OPEXUS eCASE Audit Project Setup stored XSS

CVE-2026-22232

Description

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.

Affected products

Opexus/eCASE Auditllm-create
Range: <11.14.2.0
OPEXUS/eCASE Auditv5
Range: 11.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.jsonmitregovernment-resourcethird-party-advisory
docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdfmitrerelease-notes
www.cve.org/CVERecordmitrevdb-entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000