Aaron M. Ramirez

**Name of the Vulnerable Software and Affected Versions** OPEXUS eCASE Audit versions prior to 11.14.2.0 **Description** OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the `Estimated Staff Hours` field. This JavaScript is then executed when another user accesses the Project Cost tab. This is a stored cross-site scripting issue. **Recommendations** Update OPEXUS eCASE Audit to version 11.14.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** OPEXUS eCASE Audit versions prior to 11.14.1.0 **Description** An authenticated attacker can modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The issue involves incorrect access control. **Recommendations** Update to eCASE Platform version 11.14.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** OPEXUS eCASE versions prior to 11.14.1.0 **Description** OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. This JavaScript is executed when another user views the Action History Log. The issue is a stored cross-site scripting (XSS) condition. The vulnerable functionality is related to the Document Check Out feature and the ability to add comments. **Recommendations** Update OPEXUS eCASE to version 11.14.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** OPEXUS eCASE Audit versions prior to 11.14.2.0 **Description** OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the “A or SIC Number” field within the Project Setup functionality. This JavaScript is executed when another user views the project. The affected field is used for project setup and allows for the storage of malicious code. The `A or SIC Number` field is the entry point for this issue. **Recommendations** Upgrade to OPEXUS eCASE Audit version 11.14.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** OPEXUS FOIAXpress versions prior to 11.13.3.0 **Description** An administrative user can inject JavaScript or other content into the Annual Report Template. This injected content is executed when other users generate an Annual Report. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing session cookies, user credentials, or sensitive data. **Recommendations** Update OPEXUS FOIAXpress to version 11.13.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** OPEXUS FOIAXpress versions prior to 11.13.3.0 **Description** An administrative user can inject JavaScript or other content into the Annual Report Enterprise Banner image upload field. This injected content is executed when other users generate an Annual Report. Successful exploitation allows the administrative user to perform actions on behalf of the target user, potentially including the theft of session cookies, user credentials, or sensitive data. The issue involves a stored cross-site scripting (XSS) condition. **Recommendations** Update OPEXUS FOIAXpress to version 11.13.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** OPEXUS FOIAXpress versions prior to 11.13.3.0 **Description** OPEXUS FOIAXpress before version 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. This injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the administrative user to perform actions on behalf of the target, potentially including stealing session cookies, user credentials, or sensitive data. **Recommendations** Update OPEXUS FOIAXpress to version 11.13.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** OPEXUS FOIAXpress versions prior to 11.13.3.0 **Description** An administrative user can upload JavaScript or other content embedded within an SVG image used as a logo. This injected content is executed when other users view affected pages. Successful exploitation allows the administrative user to perform actions on behalf of the target user, including stealing session cookies, user credentials, or sensitive data. **Recommendations** Update to version 11.13.3.0 or later.