PT-2025-52434 · Foxit · Foxit Pdf Editor Cloud
Novee
+1
·
Published
2025-12-19
·
Updated
2025-12-19
·
CVE-2025-66522
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Foxit PDF Editor Cloud (affected versions not specified)
Description
A stored cross-site scripting (XSS) issue exists in the Digital IDs functionality. The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the Document Object Model (DOM). This allows embedded HTML or JavaScript to execute when the Digital IDs dialog is accessed or when the affected PDF is loaded. The vulnerable component involves the handling of Digital IDs and the insertion of user-supplied content into the DOM.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Editor Cloud