CVE: CVE-2026-22232 Published: 2026-01-08 Updated: 2026-01-08 Title: OPEXUS eCASE Audit Project Setup stored XSS Description: OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0. CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS: Score: 4.8 (Medium) - Version 4.0 Score: 5.5 (Medium) - Version 3.1 Product Status: Vendor: OPEXUS Product: eCASE Audit Versions Affected: 11.4.0 - before 11.14.2.0 Credits: Aaron M. Ramirez, Son Nguyen, Wesley Cuffee, United States Department of Justice References: docs.opexustech.com: url - release-notes cve.org: url - vdb-entry raw.githubusercontent.com: url - government-resource, third-party-advisory Authorized Data Publishers: CISA-ADP