How severe is CVE-2026-22233?

CVE-2026-22233 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2026-22233

5.5MEDIUM

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab.

Publicado: 1/8/2026Actualizado: 1/13/2026

Descripción

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.

Análisis IAImpulsado por IA

Referencias

https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdf
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json
https://www.cve.org/CVERecord?id=CVE-2026-22233