CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-22233

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.3%

CVSS Severity

CVSS v3 Score 5.5

References

https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdf
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json
https://www.cve.org/CVERecord?id=CVE-2026-22233

Products affected by CVE-2026-22233

Opexustech » Ecase Audit » Version: Any

cpe:2.3:a:opexustech:ecase_audit:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22233

Products

Pricing

Contact Us