cbcvebase.

Opexus Foiaxpress vulnerabilities

5 known vulnerabilities affecting opexus/foiaxpress.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-62586P2CRITICALCVSS 9.8≥ 11.1.0, < 11.13.2.02025-10-16
CVE-2025-62586 [CRITICAL] CWE-306 CVE-2025-62586: OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fix OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.
nvd
CVE-2025-61999P4MEDIUMCVSS 4.8fixed in 11.13.3.02025-10-08
CVE-2025-61999 [MEDIUM] CWE-79 CVE-2025-61999: OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other conte OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing
nvd
CVE-2025-61997P4MEDIUMCVSS 4.8fixed in 11.13.3.02025-10-08
CVE-2025-61997 [MEDIUM] CWE-79 CVE-2025-61997: OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other conte OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perform actions on behalf of the
nvd
CVE-2025-61996P4MEDIUMCVSS 4.8fixed in 11.13.3.02025-10-08
CVE-2025-61996 [MEDIUM] CWE-79 CVE-2025-61996: OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other conte OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing
nvd
CVE-2025-61998P4MEDIUMCVSS 4.8fixed in 11.13.3.02025-10-08
CVE-2025-61998 [MEDIUM] CWE-79 CVE-2025-61998: OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other conte OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the administrative user to perform actions on behalf of the target
nvd
Opexus Foiaxpress vulnerabilities | cvebase