CVE-2025-62586
- EPSS 0.14%
- Veröffentlicht 16.10.2025 17:20:09
- Zuletzt bearbeitet 29.10.2025 20:07:15
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.
CVE-2025-61999
- EPSS 0.02%
- Veröffentlicht 07.10.2025 23:14:38
- Zuletzt bearbeitet 22.10.2025 14:45:32
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful explo...
CVE-2025-61998
- EPSS 0.02%
- Veröffentlicht 07.10.2025 23:14:16
- Zuletzt bearbeitet 22.10.2025 14:45:10
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious l...
CVE-2025-61997
- EPSS 0.02%
- Veröffentlicht 07.10.2025 23:13:54
- Zuletzt bearbeitet 22.10.2025 14:45:25
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Ann...
CVE-2025-61996
- EPSS 0.02%
- Veröffentlicht 07.10.2025 23:13:31
- Zuletzt bearbeitet 22.10.2025 14:45:18
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful explo...