Security Advisory

CVE-2025-66520

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-19 07:30:20

Last updated 2025-12-19 14:41:00

Assigner Foxit

State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a crafted SVG may execute whenever the Portfolio file list is rendered.

← Browse all CVEs View on cve.org ↗