How severe is CVE-2026-22233?

CVE-2026-22233 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2026-22233

5.5MEDIUM

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab.

Publicado: 1/8/2026Atualizado: 1/13/2026

Descrição

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.

Análise IADesenvolvido por IA

Referências

https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdf
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json
https://www.cve.org/CVERecord?id=CVE-2026-22233