CVE-2026-22232

Published: Jan 8, 2026Modified: Feb 5, 2026

4.8

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)

Description

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0.

Affected (1)

Products: Opexustech: Ecase Audit

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opexustech Ecase Audit	From 11.4.0 to 11.14.2.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (3)

https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdf

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Release Notes

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Broken Link

https://www.cve.org/CVERecord?id=CVE-2026-22232

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

Timeline

No history available yet.