Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Jan 8, 2026
OPEXUS eCASE Audit Project Setup stored XSS
CVE-2026-22232
Description
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<11.14.2.0+ 1 more
- (no CPE)range: <11.14.2.0
- (no CPE)range: 11.4.0
Patches
Vulnerability mechanics
References
3- raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.jsonmitregovernment-resourcethird-party-advisory
- docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdfmitrerelease-notes
- www.cve.org/CVERecordmitrevdb-entry
News mentions
0No linked articles in our index yet.