Foiaxpress

foiaxpress

Vendor: Opexustech • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-62586 1Opexustech 1Foiaxpress Oct 29, 2025 Oct 16, 2025 8.9 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.
CVE-2025-61999 1Opexustech 1Foiaxpress Oct 22, 2025 Oct 8, 2025 4.8 MEDIUM· v4 4.8 MEDIUM· v3 N/A· v2 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view af...Show more OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing session cookies, user credentials, or sensitive data.Show less
CVE-2025-61998 1Opexustech 1Foiaxpress Oct 22, 2025 Oct 8, 2025 4.8 MEDIUM· v4 4.8 MEDIUM· v3 N/A· v2 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users w...Show more OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing session cookies, user credentials, or sensitive data.Show less
CVE-2025-61997 1Opexustech 1Foiaxpress Oct 22, 2025 Oct 8, 2025 4.8 MEDIUM· v4 4.8 MEDIUM· v3 N/A· v2 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other u...Show more OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing session cookies, user credentials, or sensitive data.Show less
CVE-2025-61996 1Opexustech 1Foiaxpress Oct 22, 2025 Oct 8, 2025 4.8 MEDIUM· v4 4.8 MEDIUM· v3 N/A· v2 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an A...Show more OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing session cookies, user credentials, or sensitive data.Show less