CVE-2025-66501

Medium CVSS: 6.3

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the injected script may execute when predefined text is used or when viewing document properties.

Vendor

Foxit

Product

Pdf Editor Cloud

CWE

CWE-79

Yayın Tarihi

2025-12-19 08:15:53

Güncelleme

2025-12-23 17:34:07

Source Identifier

14984358-7092-470d-8f34-ade47a7658a2

KEV Date Added

Kategoriler

CWE-79 Pdf Editor Cloud MEDIUM Foxit 2025

Referanslar

https://www.foxit.com/support/security-bulletins.html

Benzer Kayıtlar

Medium

CVE-2026-1592

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature.…

Medium

CVE-2026-1591

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A ma…

Medium

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonli…

Medium

CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature.…

Medium

CVE-2025-66522

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud…

Medium

CVE-2025-66502

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A cra…