27 matches found
CVE-2025-61997
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...
CVE-2025-61997
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...
CVE-2025-61996
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...
CVE-2025-61996
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...
OPEXUS FOIAXpress 安全漏洞
OPEXUS FOIAXpress is an information disclosure management software from OPEXUS Corporation. A security vulnerability exists in OPEXUS FOIAXpress versions prior to 11.13.3.0 that originates from an administrative user being able to inject JavaScript or other content into the annual report template...
CVE-2025-61996 OPEXUS FOIAXpress stored XSS via annual report template
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...
CVE-2025-61996 OPEXUS FOIAXpress stored XSS via annual report template
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...
CVE-2025-61996
CVE-2025-61996 affects OPEXUS FOIAXpress prior to 11.13.3.0. An administrative user can inject JavaScript or other content into the Annual Report Template, with injected content executed in other users’ sessions when they generate an Annual Report. This constitutes a stored XSS exposure that coul...
OPEXUS FOIAXpress stored XSS
RISK EVALUATION OPEXUS FOIAXpress before 11.13.3.0 contains multiple stored cross-site-scripting vulnerabilities. These vulnerabilities allow an authenticated administrative user to inject JavaScript or other content into various components of FOIAXpress. Successful exploitation allows the...
PT-2025-41199
Name of the Vulnerable Software and Affected Versions OPEXUS FOIAXpress versions prior to 11.13.3.0 Description An administrative user can inject JavaScript or other content into the Annual Report Enterprise Banner image upload field. This injected content is executed when other users generate an...
Penetration testing: shifting paradigms from reactive to proactive
Part 2 in a blog series spotlighting Coalfires 5th Annual Penetration Risk Report...
The state of cybersecurity compliance in 2023 – part 1
This first blog in the series captures the key takeaways from Coalfires Annual Compliance Report...
The Annual Report: 2024 Plans and Priorities for SaaS Security
Over 55% of security executives report that they have experienced a SaaS security incident in the past two years — ranging from data leaks and data breaches to SaaS ransomware and malicious apps as seen in figures 1 and 2. --- Figure 1. How many organizations have experienced a SaaS security...
The Annual Report: 2024 Plans and Priorities for SaaS Security
Over 55% of security executives report that they have experienced a SaaS security incident in the past two years — ranging from data leaks and data breaches to SaaS ransomware and malicious apps as seen in figures 1 and 2. --- Figure 1. How many organizations have experienced a SaaS security...
ICS/OT Cybersecurity 2022 TXOne Annual Report Insights
This article gives an in-depth overview of TXOne’s insight report on ICS/OT cyber incidents...
ACSC Releases Annual Cyber Threat Report
The Australian Cyber Security Centre ACSC has released its annual report on key cyber security threats and trends for the 2020–21 financial year. The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid...
11-13 year old girls most likely to be targeted by online predators
The Internet Watch Foundation IWF, a not-for-profit organization in England whose mission is "to eliminate child sexual abuse imagery online", has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of th...
Akamai Foundation: Our Chance to Give Back
The Akamai Foundation was set up in 2018 to improve the impact and focus of our long-term philanthropic activities. Importantly, we wanted to support the next generation of technology innovators; promoting the pursuit of excellence in STEM education amongst school children. Our work had an...
Trend Micro 2020 Annual Cybersecurity Report
Reviewing the most important cybersecurity stories, issues, and trends that occurred over 2020, this annual report aims to equip security leaders with valuable insight and tools so they can focus on both protecting and enabling the organization...
Working Together with Our Customers to Build a Sustainable Future
By now, we hope you've read Monday's and Tuesday's blog posts announcing the release of our annual sustainability report, our sustainability program, and the technical innovation behind it...