Thisis0Xczar

**Name of the Vulnerable Software and Affected Versions** Foxit WebPlugins (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists due to a failure to validate the message origin within a postMessage handler. Specifically, the `externalPath` is directly assigned to a script source without proper validation, enabling an attacker to execute arbitrary JavaScript code when a specially crafted postMessage is received. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit eSign (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the Predefined Text feature of the Foxit eSign section within pdfonline.foxit.com. A malicious payload can be stored through the Identity “First Name” field. The injected script is rendered into the Document Object Model (DOM) without sufficient sanitization, potentially leading to script execution when predefined text is utilized or when document properties are viewed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Online (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the Page Templates feature of pdfonline.foxit.com. A malicious payload can be stored as a template name. This payload is then rendered into the Document Object Model (DOM) without sufficient sanitization, leading to script execution whenever the affected PDF document is loaded. The vulnerability involves storing a crafted payload, which is then executed. The affected area is the Page Templates feature. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pdfonline.foxit.com (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the Layer Import functionality of pdfonline.foxit.com. A malicious payload can be injected into the “Create new Layer” field during layer import. The injected script is rendered into the Document Object Model (DOM) without proper sanitization, and executes when the Layers panel is accessed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Editor Cloud (pdfonline.foxit.com) (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists within the Portfolio feature. The application does not properly sanitize or validate SVG files provided by users before incorporating them into the HTML structure. This allows malicious HTML or JavaScript embedded within a crafted SVG file to execute when the Portfolio file list is displayed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Online (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the Trusted Certificates feature of pdfonline.foxit.com. A malicious payload can be injected as the certificate name. This injected script then executes whenever the Trusted Certificates view is loaded because the data is rendered into the Document Object Model (DOM) without sufficient sanitization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Editor Cloud (affected versions not specified) **Description** A stored cross-site scripting (XSS) issue exists in the Digital IDs functionality. The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the Document Object Model (DOM). This allows embedded HTML or JavaScript to execute when the Digital IDs dialog is accessed or when the affected PDF is loaded. The vulnerable component involves the handling of Digital IDs and the insertion of user-supplied content into the DOM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.