CVE-2025-66520

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor Cloud (pdfonline.foxit.com) (affected versions not specified)

Description A stored cross-site scripting (XSS) issue exists within the Portfolio feature. The application does not properly sanitize or validate SVG files provided by users before incorporating them into the HTML structure. This allows malicious HTML or JavaScript embedded within a crafted SVG file to execute when the Portfolio file list is displayed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.