PT-2021-17490 · Foxit · Foxit Pdf Sdk For Web

Published: 2021-07-20 · Updated: 2021-07-29 · CVE-2021-27517

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Foxit PDF SDK For Web versions through 7.5.0. The source does not explicitly specify "versions prior to 7.5.1"; it names Foxit PDF SDK For Web through 7.5.0 as vulnerable.

Description

The issue allows arbitrary JavaScript code execution in the browser. This occurs when a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API.

Recommendations

For Foxit PDF SDK For Web versions through 7.5.0, update to a version later than 7.5.0 to resolve the issue. As a temporary workaround, consider restricting the upload of PDF documents or disabling the use of app.alert until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-27517

Affected Products

Foxit Pdf Sdk For Web