PT-2025-41198 · Opexus · Opexus Foiaxpress
Aaron M. Ramirez
+1
·
Published
2025-10-07
·
Updated
2025-10-22
·
CVE-2025-61996
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OPEXUS FOIAXpress versions prior to 11.13.3.0
Description
An administrative user can inject JavaScript or other content into the Annual Report Template. This injected content is executed when other users generate an Annual Report. Successful exploitation allows the administrative user to perform actions on behalf of the target, including stealing session cookies, user credentials, or sensitive data.
Recommendations
Update OPEXUS FOIAXpress to version 11.13.3.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opexus Foiaxpress