Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-32869

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 month ago Activity log

Created suggestion 1 month ago

OPEXUS eComplaint and eCASE XSS via Name of Organization field

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information page.

References

url
url

Affected products

eCASE

<10.2.0.0
==10.2.0.0

eComplaint

<10.2.0.0
==10.2.0.0

Matching in nixpkgs

pkgs.haskellPackages.titlecase

Convert English Words to Title Case

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 1.0.1
- nixos-25.11-small 1.0.1
- nixpkgs-25.11-darwin 1.0.1

pkgs.python312Packages.titlecase

Python library to capitalize strings as specified by the New York Times

nixos-25.11 2.4
- nixos-25.11-small 2.4
- nixpkgs-25.11-darwin 2.4

pkgs.python313Packages.titlecase

Python library to capitalize strings as specified by the New York Times

nixos-unstable 2.4.1
- nixpkgs-unstable 2.4.1
- nixos-unstable-small 2.4.1
nixos-25.11 2.4
- nixos-25.11-small 2.4
- nixpkgs-25.11-darwin 2.4

pkgs.python314Packages.titlecase

Python library to capitalize strings as specified by the New York Times

nixos-unstable 2.4.1
- nixpkgs-unstable 2.4.1
- nixos-unstable-small 2.4.1

Package maintainers

@peti Peter Simons <simons@cryp.to>