PT-2026-2175 · Opexus · Opexus Ecase Audit
Aaron M. Ramirez
+2
·
Published
2026-01-08
·
Updated
2026-01-09
·
CVE-2026-22233
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
OPEXUS eCASE Audit versions prior to 11.14.2.0
Description
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the
Estimated Staff Hours field. This JavaScript is then executed when another user accesses the Project Cost tab. This is a stored cross-site scripting issue.Recommendations
Update OPEXUS eCASE Audit to version 11.14.2.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opexus Ecase Audit