Описание
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected PDF is loaded.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2025-12-01 (исключая)
cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00037
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.3
github
около 2 месяцев назад
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected PDF is loaded.
EPSS
Процентиль: 11%
0.00037
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79