Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: python314Packages.titlecase

Found 4 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-32866
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 days, 15 hours ago
OPEXUS eComplaint and eCase stored XSS via profile first and last name

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session.

References

Affected products

eCASE
  • <10.1.0.0
  • ==10.1.0.0

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2026-32868
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 days, 15 hours ago
OPEXUS eComplaint and eCASE XSS via my information

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. The attacker can run script in the context of a victim's session.

References

Affected products

eCASE
  • <10.2.0.0
  • ==10.2.0.0
eComplaint
  • <10.2.0.0
  • ==10.2.0.0

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2026-32869
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 days, 15 hours ago
OPEXUS eComplaint and eCASE XSS via Name of Organization field

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information page.

References

Affected products

eCASE
  • <10.2.0.0
  • ==10.2.0.0
eComplaint
  • <10.2.0.0
  • ==10.2.0.0

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2026-32865
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 days, 15 hours ago
OPEXUS eComplaint and eCase insecure password reset

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process.

References

Affected products

eCASE
  • <10.1.0.0
  • ==10.1.0.0
eComplaint
  • <10.1.0.0
  • ==10.1.0.0

Matching in nixpkgs

Package maintainers