CVE-2025-66519

Name of the Vulnerable Software and Affected Versions pdfonline.foxit.com (affected versions not specified)

Description A stored cross-site scripting (XSS) issue exists in the Layer Import functionality of pdfonline.foxit.com. A malicious payload can be injected into the “Create new Layer” field during layer import. The injected script is rendered into the Document Object Model (DOM) without proper sanitization, and executes when the Layers panel is accessed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.