PT-2025-41200 · Unknown · Opexus Foiaxpress

Aaron M. Ramirez +1 · Published 2025-10-07 · Updated 2025-10-22 · CVE-2025-61998

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OPEXUS FOIAXpress versions prior to 11.13.3.0

Description

OPEXUS FOIAXpress before version 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. This injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the administrative user to perform actions on behalf of the target, potentially including stealing session cookies, user credentials, or sensitive data.

Recommendations

Update OPEXUS FOIAXpress to version 11.13.3.0 or later.
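
The weakness described above is a stored hyperlink whose URL scheme is not restricted. The following is an added example of a scheme allowlist for such a link, not OPEXUS code and not the vendor's fix; the function names, the 2048-character limit and the policy that support links must be absolute http(s) URLs are assumptions made for illustration.

```javascript
// Added example: check an admin-supplied support link before storing or rendering it.
// ALLOWED_SCHEMES, validateSupportLink, escapeAttr, renderSupportLink are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns { ok: true, href } with the normalized URL, or { ok: false, reason }.
function validateSupportLink(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 2048) {
    return { ok: false, reason: "empty, non-string or too long" };
  }
  let url;
  try {
    // WHATWG parsing without a base URL: leading/trailing spaces and control
    // characters are trimmed, embedded tab/CR/LF are removed and the scheme is
    // lowercased, so the check sees the same scheme a browser would act on.
    url = new URL(input);
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "embedded credentials not allowed" };
  }
  return { ok: true, href: url.href };
}

// Encode a value for use inside a double-quoted HTML attribute or as text.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Render the link; a rejected URL is shown as inert text, never as an href.
function renderSupportLink(input, label) {
  const r = validateSupportLink(input);
  if (!r.ok) return `<span>${escapeAttr(label)}</span>`;
  return `<a href="${escapeAttr(r.href)}" rel="noopener noreferrer">${escapeAttr(label)}</a>`;
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  "https://support.example.com/help",
  "javascript:void(0)",
  "  JaVaScRiPt:void(0)",
  "data:text/html,hi",
  "/help/contact",
];
const RESULTS = SAMPLES.map((s) => validateSupportLink(s).ok);
```

Validating on both save and render also covers values stored before the check existed.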

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-61998

Affected Products

Opexus Foiaxpress