2025-09-02 00:00:00
mitre
PUBLISHED
A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the applications privileged context, potentially allowing attackers to steal sensitive data or perform unauthorized actions.