exploitDog

CVE-2026-32866

Опубликовано: 19 мар. 2026

Источник: nvd

CVSS3: 5.5

CVSS3: 5.4

EPSS Низкий

Описание

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session.

Ссылки

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-077-01.json
Broken Link
https://www.cve.org/CVERecord?id=CVE-2026-32866
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opexustech:ecase_ecomplaint:*:*:*:*:*:*:*:*

Версия до 10.2.0.0 (исключая)

EPSS

Процентиль: 10%

0.00034

Низкий

5.5 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-659m-rw9h-f7v8

CVSS3: 5.5

github

около 2 месяцев назад

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session.

EPSS

Процентиль: 10%

0.00034

Низкий

5.5 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79