CVE-2025-66522

Medium CVSS: 6.3

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the Digital IDs dialog is accessed or when the affected PDF is loaded.

Vendor

Foxit

Product

Pdf Editor Cloud

CWE

CWE-79

Yayın Tarihi

2025-12-19 08:15:54

Güncelleme

2025-12-23 17:33:47

Source Identifier

14984358-7092-470d-8f34-ade47a7658a2

KEV Date Added

Kategoriler

CWE-79 Pdf Editor Cloud MEDIUM Foxit 2025

Referanslar

https://www.foxit.com/support/security-bulletins.html

Benzer Kayıtlar

Medium

CVE-2026-1592

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature.…

Medium

CVE-2026-1591

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A ma…

Medium

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonli…

Medium

CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature.…

Medium

CVE-2025-66501

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of th…

Medium

CVE-2025-66502

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A cra…