CVE-2025-66501

Name of the Vulnerable Software and Affected Versions Foxit eSign (affected versions not specified)

Description A stored cross-site scripting (XSS) issue exists in the Predefined Text feature of the Foxit eSign section within pdfonline.foxit.com. A malicious payload can be stored through the Identity “First Name” field. The injected script is rendered into the Document Object Model (DOM) without sufficient sanitization, potentially leading to script execution when predefined text is utilized or when document properties are viewed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.