Описание
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2025-12-01 (исключая)
cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00037
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.3
github
около 2 месяцев назад
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.
EPSS
Процентиль: 11%
0.00037
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79