Nixpkgs security tracker
Dismissed
(not in Nixpkgs)
Permalink
CVE-2026-32866
5.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
OPEXUS eComplaint and eCase stored XSS via profile first and last name
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session.
Affected products
eCASE
- <10.1.0.0
- ==10.1.0.0
Matching in nixpkgs
pkgs.haskellPackages.titlecase
Convert English Words to Title Case
pkgs.python312Packages.titlecase
Python library to capitalize strings as specified by the New York Times
pkgs.python313Packages.titlecase
Python library to capitalize strings as specified by the New York Times
pkgs.python314Packages.titlecase
Python library to capitalize strings as specified by the New York Times
Package maintainers
-
@peti Peter Simons <simons@cryp.to>