PT-2026-26308 · Unknown · Opexus Ecase+1

Adam Rose

Publicado

2026-03-19

Atualizado

2026-03-23

CVE-2026-32866

CVSS v3.1

5.5

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions OPEXUS eComplaint and eCASE versions prior to 10.2.0.0

Description OPEXUS eComplaint and eCASE does not properly sanitize the first name and last name fields within a user profile. An authenticated attacker can inject parts of a cross-site scripting (XSS) payload into these fields. The injected payload is executed when a user’s full name is displayed. This allows the attacker to execute script in the context of a victim’s session.

Recommendations Update OPEXUS eComplaint and eCASE to version 10.2.0.0 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-32866

Produtos afetados

Opexus Ecase

Opexus Ecomplaint

PT-2026-26308 · Unknown · Opexus Ecase+1

CVE-2026-32866

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6