PT-2025-41201 · Unknown · Opexus Foiaxpress

Aaron M. Ramirez +1 · Published 2025-10-07 · Updated 2025-10-22 · CVE-2025-61999

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OPEXUS FOIAXpress versions prior to 11.13.3.0

Description

An administrative user can upload JavaScript or other content embedded within an SVG image used as a logo. This injected content is executed when other users view affected pages. Successful exploitation allows the administrative user to perform actions on behalf of the target user, including stealing session cookies, user credentials, or sensitive data.

Recommendations

Update to version 11.13.3.0 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-61999

Affected Products

Opexus Foiaxpress