CVE-2025-66502

Name of the Vulnerable Software and Affected Versions Foxit PDF Online (affected versions not specified)

Description A stored cross-site scripting (XSS) issue exists in the Page Templates feature of pdfonline.foxit.com. A malicious payload can be stored as a template name. This payload is then rendered into the Document Object Model (DOM) without sufficient sanitization, leading to script execution whenever the affected PDF document is loaded. The vulnerability involves storing a crafted payload, which is then executed. The affected area is the Page Templates feature.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.