CVE-2026-32868 is a medium-severity vulnerability in OPEXUS eComplaint and eCASE software. The issue arises from improper sanitization of the first and last name fields in the 'My Information' screen, allowing authenticated attackers to inject XSS payloads. The payload executes when the full name is rendered, enabling the attacker to run scripts in the context of a victim's session. This vulnerability was rep [truncated]
CVE-2026-32866 is a stored XSS vulnerability in OPEXUS eComplaint and eCASE before version 10.2.0.0. The vulnerability occurs because the application does not properly sanitize the first and last name fields in a user's profile. An authenticated attacker can inject parts of an XSS payload into these fields. The payload is executed when the user's full name is rendered, allowing the attacker to run script [truncated]
CVE-2026-32865 is a critical vulnerability in OPEXUS eComplaint and eCASE software. The vulnerability occurs when the software includes the secret verification code in the HTTP response during a password reset via 'ForcePasswordReset.aspx'. This allows an attacker who knows an existing user's email address to reset the user's password and security questions without needing to answer existing security ques [truncated]
CVE-2026-22235 is a vulnerability in OPEXUS eComplaint before version 9.0.45.0. An attacker can exploit this vulnerability by visiting the 'DocumentOpen.aspx' endpoint and iterating through predictable values of 'chargeNumber' to download any uploaded files. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The CVE was published on January 7, 2026, and has not been modified sin [truncated]
CVE-2026-22234 is a critical unauthenticated IDOR vulnerability in OPEXUS eCasePortal before version 9.0.45.0. This vulnerability allows attackers to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files. The vulnerability has a CVSS score of 9.8 and is considered critical. The issue was publicly dis [truncated]