PT-2026-26310 · Unknown · Opexus Ecase+1

Adam Rose

Publicado

2026-03-19

Atualizado

2026-03-23

CVE-2026-32868

CVSS v3.1

5.5

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions OPEXUS eComplaint and eCASE versions prior to 10.2.0.0

Description OPEXUS eComplaint and eCASE does not properly sanitize input in the first and last name fields within the 'My Information' screen. An authenticated attacker can inject parts of a cross-site scripting (XSS) payload into these fields. This payload is then executed when a victim views the full name, allowing the attacker to run script within the context of the victim’s session. The vulnerable fields are the first name and last name fields.

Recommendations Update OPEXUS eComplaint and eCASE to version 10.2.0.0 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-32868

Produtos afetados

Opexus Ecase

Opexus Ecomplaint

PT-2026-26310 · Unknown · Opexus Ecase+1

CVE-2026-32868

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6