CVE-2026-32865

Critical CVSS: 9.2

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process.

Vendor

Opexustech

Product

Ecase Ecomplaint

CWE

CWE-200

Yayın Tarihi

2026-03-19 16:16:03

Güncelleme

2026-03-30 13:12:06

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

Kategoriler

CWE-200 Ecase Ecomplaint CRITICAL Opexustech 2026

Referanslar

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-077-01.json https://www.cve.org/CVERecord?id=CVE-2026-32865

Benzer Kayıtlar

Medium

CVE-2026-32869

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field w…

Medium

CVE-2026-32866

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a us…

Medium

CVE-2026-32867

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number…

Medium

CVE-2026-32868

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the…

Medium

CVE-2026-22232

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project…

Medium

CVE-2026-22233

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field…