OPEXUS — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting OPEXUS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OPEXUS operates as a specialized platform for managing operational expenditure, primarily serving enterprise finance and procurement workflows. Security audits have identified twenty recorded Common Vulnerabilities and Exposures (CVEs) associated with its infrastructure, indicating a history of significant technical debt. The most prevalent vulnerability classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), which pose critical risks to data integrity and user sessions. Additionally, instances of broken access control and privilege escalation have been documented, suggesting weaknesses in identity management and authorization logic. These flaws often stem from outdated dependencies or insufficient input validation within the application’s core modules. While no single catastrophic breach has been publicly attributed solely to OPEXUS, the cumulative effect of these twenty CVEs highlights systemic security gaps. Organizations utilizing this solution must prioritize immediate patching and rigorous penetration testing to mitigate the risk of exploitation in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32869 | OPEXUS eComplaint and eCASE XSS via Name of Organization field | eComplaint | CWE-79 | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32868 | OPEXUS eComplaint and eCASE XSS via my information | eComplaint | CWE-79 | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32867 | OPEXUS eComplaint unauthenticated file upload | eComplaint | CWE-639 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32866 | OPEXUS eComplaint and eCase stored XSS via profile first and last name | eCASE | CWE-79 | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32865 | OPEXUS eComplaint and eCase insecure password reset | eComplaint | CWE-200 | 9.8 | Critical | 2026-03-19 |
| CVE-2026-22235 | OPEXUS eComplaint IDOR | eComplaint | CWE-639 | 7.5 | High | 2026-01-08 |
| CVE-2026-22234 | OPEXUS eCasePortal unauthenticated IDOR | eCase Portal | CWE-639 | 9.8 | Critical | 2026-01-08 |
| CVE-2026-22233 | OPEXUS eCASE Audit Project Cost stored XSS | eCASE Audit | CWE-79 | 5.5 | Medium | 2026-01-08 |
| CVE-2026-22232 | OPEXUS eCASE Audit Project Setup stored XSS | eCASE Audit | CWE-79 | 5.5 | Medium | 2026-01-08 |
| CVE-2026-22231 | OPEXUS eCASE Audit Document Check Out stored XSS | eCASE Audit | CWE-79 | 5.5 | Medium | 2026-01-08 |
| CVE-2026-22230 | OPEXUS eCASE Audit incorrect access control | eCASE Audit | CWE-863 | 7.6 | High | 2026-01-08 |
| CVE-2025-62586 | OPEXUS FOIAXpress unauthenticated administrator password reset | FOIAXpress | CWE-306 | 9.8 | Critical | 2025-10-16 |
| CVE-2025-61999 | OPEXUS FOIAXpress stored XSS via logo image | FOIAXpress | CWE-79 | 4.3 | Medium | 2025-10-07 |
| CVE-2025-61998 | OPEXUS FOIAXpress stored XSS via Hyperlink Manager | FOIAXpress | CWE-79 | 4.3 | Medium | 2025-10-07 |
| CVE-2025-61997 | OPEXUS FOIAXpress stored XSS via banner image | FOIAXpress | CWE-79 | 4.3 | Medium | 2025-10-07 |
| CVE-2025-61996 | OPEXUS FOIAXpress stored XSS via annual report template | FOIAXpress | CWE-79 | 4.3 | Medium | 2025-10-07 |
| CVE-2025-58462 | OPEXUS FOIAXpress PAL SQL injection | FOIAXpress Public Access Link (PAL) | CWE-89 | 9.8 | Critical | 2025-09-09 |
| CVE-2025-54833 | OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass | FOIAXpress Public Access Link (PAL) | CWE-307 | 5.3 | Medium | 2025-07-31 |
| CVE-2025-54834 | OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration | FOIAXpress Public Access Link (PAL) | CWE-204 | 5.3 | Medium | 2025-07-31 |
| CVE-2025-54832 | OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification | FOIAXpress Public Access Link (PAL) | CWE-472 | 4.3 | Medium | 2025-07-31 |

This page lists every published CVE security advisory associated with OPEXUS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.