PatchSiren cyber security CVE debrief
CVE-2026-22232 OPEXUS CVE debrief
CVE-2026-22232 is a stored cross-site scripting (XSS) vulnerability in the OPEXUS eCASE Audit software. An authenticated attacker can exploit this vulnerability by saving JavaScript code in the 'A or SIC Number' field within the Project Setup functionality. When another user views the project, the JavaScript code is executed. This vulnerability was fixed in OPEXUS eCASE Audit version 11.14.2.0. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a medium severity level. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L.
- Vendor: OPEXUS
- Product: eCASE Audit
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-08
- Original CVE updated: 2026-01-08
- Advisory published: 2026-01-08
- Advisory updated: 2026-01-08
Who should care
Organizations using OPEXUS eCASE Audit versions prior to 11.14.2.0 should be aware of this vulnerability and take steps to mitigate it. Specifically, administrators and users of the affected software should prioritize updating to the patched version to prevent exploitation. Additionally, defenders should monitor for potential suspicious activity related to this vulnerability.
Technical summary
The CVE-2026-22232 vulnerability is a stored XSS issue in the OPEXUS eCASE Audit software. The vulnerability exists in the Project Setup functionality, where an authenticated attacker can inject JavaScript code into the 'A or SIC Number' field. This code is then executed when another user views the project, potentially leading to malicious actions. The vulnerability has a CVSS score of 5.5 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L. The issue was fixed in OPEXUS eCASE Audit version 11.14.2.0.
Defensive priority
Defenders should prioritize patching OPEXUS eCASE Audit installations to version 11.14.2.0 or later. Additionally, monitoring and incident response plans should be in place to detect and respond to potential exploitation attempts.
Recommended defensive actions
- Patch OPEXUS eCASE Audit installations to version 11.14.2.0 or later.
- Monitor for suspicious activity related to this vulnerability.
- Implement additional security measures to detect and prevent XSS attacks.
- Review and update incident response plans to address potential exploitation attempts.
- Conduct regular vulnerability assessments and penetration testing to identify and address potential vulnerabilities.
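One way to act on the monitoring recommendation is to scan an export of project records for markup stored in the 'A or SIC Number' field. This is an added example, not OPEXUS code or part of the advisory. The CSV export, its column names (`ProjectId`, `Project Name`), the rule set and the sample rows are all constructed assumptions.

```python
import csv
import html
import io
import re

# Assumed column name in a hypothetical CSV export of Project Setup records.
FIELD = "A or SIC Number"

# Constructs that have no place in an identifier field but are typical of
# script injection: tags, inline event handlers, script-bearing URL schemes.
SUSPICIOUS = [
    ("html-tag", re.compile(r"<\s*/?\s*[a-zA-Z!]")),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("script-url", re.compile(r"\b(?:javascript|vbscript|data)\s*:", re.I)),
]

def normalize(value):
    """Decode HTML entities (up to 3 passes) so encoded markup is inspected too."""
    for _ in range(3):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value

def audit(export_text):
    """Return (project_id, raw_value, matched_rules) for each flagged row."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        raw = row.get(FIELD) or ""
        text = normalize(raw)
        hits = [name for name, rx in SUSPICIOUS if rx.search(text)]
        if hits:
            findings.append((row.get("ProjectId"), raw, hits))
    return findings

# Constructed sample export; not real eCASE data.
SAMPLE = '''ProjectId,Project Name,A or SIC Number
1001,FY26 Travel Audit,A-2026-0417
1002,Grant Review,"<script>alert(1)</script>"
1003,Payroll Controls,"&lt;img src=x onerror=alert(1)&gt;"
1004,Inventory,SIC 7372
'''

if __name__ == "__main__":
    for pid, value, rules in audit(SAMPLE):
        print(f"project {pid}: {rules} in {value!r}")
```

Rows flagged this way are candidates for review and cleanup. A clean result only means none of these three patterns matched.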
Evidence notes
The CVE-2026-22232 vulnerability was identified in OPEXUS eCASE Audit software. The vulnerability allows an authenticated attacker to save JavaScript in the 'A or SIC Number' field within the Project Setup functionality, which is then executed when another user views the project. The vulnerability was fixed in OPEXUS eCASE Audit version 11.14.2.0. The CVSS score for this vulnerability is 5.5, indicating a medium severity level.
Official resources
- CVE-2026-22232 CVE record (CVE.org)
- CVE-2026-22232 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
- Source reference (Reference)
This article was generated with AI assistance based on the supplied source corpus.