Security Advisory

CVE-2025-66500

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-19 07:16:49

Last updated 2025-12-19 17:14:25

Assigner Foxit

State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.

← Browse all CVEs View on cve.org ↗