opexustech ecase_ecomplaint CVE 漏洞(6)

CVE 數: 6 CPE versions: View versions table

摘要

本頁列出影響 opexustech ecase_ecomplaint 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。

顯示 166 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-32869 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information page. 9119a7d8-5eab-497f-8521-727c672e3725 5.1 0.14% 2026-03-19 2026-06-17
CVE-2026-32868 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. The attacker can run script in the context of a victim's session. 9119a7d8-5eab-497f-8521-727c672e3725 5.1 0.14% 2026-03-19 2026-06-17
CVE-2026-32867 OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage. 9119a7d8-5eab-497f-8521-727c672e3725 5.3 0.19% 2026-03-19 2026-06-17
CVE-2026-32866 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session. 9119a7d8-5eab-497f-8521-727c672e3725 5.1 0.14% 2026-03-19 2026-06-17
CVE-2026-32865 OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process. 9119a7d8-5eab-497f-8521-727c672e3725 9.2 0.31% 2026-03-19 2026-06-17
CVE-2026-22235 OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files. 9119a7d8-5eab-497f-8521-727c672e3725 8.7 0.32% 2026-01-08 2026-06-17
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence