PT-2026-26310 · Unknown · Opexus Ecase+1
Adam Rose
·
Published
2026-03-19
·
Updated
2026-03-23
·
CVE-2026-32868
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
OPEXUS eComplaint and eCASE versions prior to 10.2.0.0
Description
OPEXUS eComplaint and eCASE does not properly sanitize input in the first and last name fields within the 'My Information' screen. An authenticated attacker can inject parts of a cross-site scripting (XSS) payload into these fields. This payload is then executed when a victim views the full name, allowing the attacker to run script within the context of the victim’s session. The vulnerable fields are the
first name and last name fields.Recommendations
Update OPEXUS eComplaint and eCASE to version 10.2.0.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opexus Ecase
Opexus Ecomplaint