PT-2025-139 · Foundry Gaming, LLC. · Foundry Virtual Tabletop
Олег Сурнин (Positive Technologies)
Published: 2026-03-03 · Updated: 2026-03-03
CVSS v4.0: 8.4 (High)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
PT-2025-139: Stored Cross-Site Scripting (Stored XSS) in Foundry Virtual Tabletop
Description
A vulnerability has been identified in Foundry Virtual Tabletop (FVT) affecting version 13.350. An attacker can exploit it to inject malicious JavaScript code into the client side of FVT because user input is handled unsafely during rendering. When generating HTML templates or dynamic content, the server/client inserts the received data directly, without proper sanitization, which allows the attacker to execute arbitrary scripts in the context of the victim's browser.
Vulnerability status: Confirmed by the vendor.
Vulnerability fix date: 11/12/2025.
Recommendations
Update to version 13.351 or higher.
Weakness Enumeration
Related Identifiers
Affected Products
Foundry Virtual Tabletop