Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

480 matches found

OSV
OSVadded 2022/01/04 3:15 p.m.1 views

CVE-2021-45980

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API...

7.8CVSS7.4AI score0.00775EPSS
Exploits0References3
OSV
OSVadded 2022/01/04 3:15 p.m.3 views

CVE-2021-45979

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API...

7.8CVSS6.1AI score0.02332EPSS
Exploits0References3
Prion
Prionadded 2022/01/04 3:15 p.m.16 views

Code injection

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API...

6.8CVSS7.8AI score0.02332EPSS
Exploits0References3Affected Software2
Prion
Prionadded 2022/01/04 3:15 p.m.14 views

Code injection

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API...

6.8CVSS7.8AI score0.00775EPSS
Exploits0References3Affected Software2
CVE
CVEadded 2022/01/04 2:32 p.m.39 views

CVE-2021-45980

Foxit PDF Reader and PDF Editor for macOS are affected by CVE-2021-45980 (pre-11.1). The vulnerability allows remote code execution through the getURL function in the JavaScript API. Exploitation details are not expanded beyond the remote code execution vector in the sources, so practical exploit...

7.8CVSS7.8AI score0.00775EPSS
Exploits0References3Affected Software2
Cvelist
Cvelistadded 2022/01/04 2:32 p.m.17 views

CVE-2021-45980

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API...

8.1AI score0.00775EPSS
Exploits0References3
CVE
CVEadded 2022/01/04 2:31 p.m.37 views

CVE-2021-45979

CVE-2021-45979 affects Foxit PDF Reader and PDF Editor on macOS prior to 11.1. The issue allows an attacker to execute arbitrary code via the JavaScript API function app.launchURL, enabling remote code execution if a user opens a malicious document or triggers the affected API. The connected sour...

7.8CVSS7.8AI score0.02332EPSS
Exploits0References3Affected Software2
Cvelist
Cvelistadded 2022/01/04 2:31 p.m.21 views

CVE-2021-45979

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API...

8.1AI score0.02332EPSS
Exploits0References3
Akamai Blog
Akamai Blogadded 2021/06/01 2:0 p.m.46 views

How Enigmo Moved Logic from Client to Origin to Edge

By: Hideki Ito Enigmo owns BUYMA, a Japanese fashion C2C marketplace that helps people buy and sell high-quality goods from overseas on www.buyma.com. BUYMA has 8.21 million members and deals with 5.62 million items across 140,000 fashion brands. Its website uses EdgeWorkers to manipulate cookies...

7.4AI score
Exploits0
CNVD
CNVDadded 2020/11/04 12:0 a.m.1 views

Foxit Reader Command Injection Vulnerability

Foxit is a professional electronic document technology solutions provider. Foxit Reader, one of Foxit's outstanding products, is currently one of the most popular PDF readers worldwide. A command injection vulnerability exists in the app.opencPDFWebPage JavsScript API product in Foxit Reader, whi...

7.8CVSS7.6AI score0.20288EPSS
Exploits3References1
NVD
NVDadded 2020/11/02 9:15 p.m.7 views

CVE-2020-14425

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog...

7.8CVSS8AI score0.20288EPSS
Exploits3References3
Cvelist
Cvelistadded 2020/11/02 5:1 p.m.12 views

CVE-2020-14425

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog...

8AI score0.20288EPSS
Exploits3References3
0day.today
0day.todayadded 2020/11/02 12:0 a.m.25 views

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API) Exploit

Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API which allows an attacker...

7.4AI score
Exploits0
0day.today
0day.todayadded 2020/11/02 12:0 a.m.19 views

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API) Exploit

Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API which allows an attacker...

7.4AI score
Exploits0
Exploit DB
Exploit DBadded 2020/11/02 12:0 a.m.845 views

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)

Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API which allows an attacker...

7.8CVSS7.8AI score0.20288EPSS
Exploits3
Packet Storm
Packet Stormadded 2020/11/01 12:0 a.m.565 views

Foxit Reader 9.7.1 Remote Command Execution

Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir CVE: CVE-2020-14425. Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript AP whic...

0.20288EPSS
Exploits3
NVD
NVDadded 2020/09/15 6:15 p.m.11 views

CVE-2020-15179

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using tag inside tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover...

9CVSS0.00433EPSS
Exploits0References2
OSV
OSVadded 2020/09/15 6:15 p.m.13 views

CVE-2020-15179

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using tag inside tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover...

9CVSS6.9AI score
Exploits0References2
Prion
Prionadded 2020/09/15 6:15 p.m.10 views

Cross site scripting

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using tag inside tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover...

4.6CVSS9.1AI score0.00433EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2020/09/15 6:10 p.m.13 views

CVE-2020-15179 HTML Injection in ScratchSig

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using tag inside tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover...

8CVSS9.2AI score0.00433EPSS
Exploits0References2
Rows per page
Query Builder