CVE-2026-32868

OPEXUS eComplaint and eCASE XSS via my information

CVSS 5.1 MEDIUMEPSS 0.1%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. The attacker can run script in the context of a victim's session.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Produtos afetados

OPEXUS · eCASE OPEXUS · eComplaint

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-077-01.json https://www.cve.org/CVERecord?id=CVE-2026-32868