exploitDog

GHSA-xgp7-wwhw-7q3c

Опубликовано: 08 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 4.8

CVSS3: 5.5

Описание

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.

Ссылки

EPSS

Процентиль: 9%

0.00033

Низкий

4.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2026-22233

CVSS3: 5.5

nvd

около 1 месяца назад

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.

EPSS

Процентиль: 9%

0.00033

Низкий

4.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-79