VYPR

eComplaint

by Opexus

CVEs (6)

  • CVE-2026-32869Mar 19, 2026
    risk 0.00cvss epss 0.00

    OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit…

  • CVE-2026-32868Mar 19, 2026
    risk 0.00cvss epss 0.00

    OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full…

  • CVE-2026-32867Mar 19, 2026
    risk 0.00cvss epss 0.00

    OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could…

  • CVE-2026-32866Mar 19, 2026
    risk 0.00cvss epss 0.00

    OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name…

  • CVE-2026-32865Mar 19, 2026
    risk 0.00cvss epss 0.00

    OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security…

  • CVE-2026-22235Jan 8, 2026
    risk 0.00cvss epss 0.00

    OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.