Security Advisory

CVE-2025-66501

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-19 07:23:29

Last updated 2025-12-19 17:12:02

Assigner Foxit

State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the injected script may execute when predefined text is used or when viewing document properties.

← Browse all CVEs View on cve.org ↗