Exploit for Improper Encoding or Escaping of Output in Parall Jspdf

CVE-2026-25940 jsPDF PoC A proof-of-concept for CVE-2026-2594...

CVE-2025-55309

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change...

CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

CVE-2025-60507

CVE-2025-60507 describes a cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) version 2.3.6. An authenticated user with the Teacher role can upload a PDF containing embedded JavaScript. The system outputs a direct HTML link to the uploaded file without sanitization, enablin...

PT-2024-9691 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.3.0.26795 Description: A use-after-free vulnerability exists in the way Foxit Reader handles a checkbox CBF Widget object. This vulnerability can be triggered by a specially crafted Javascript code inside a malicious...

CVE-2024-45962

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting XSS attack or execute arbitrary code via a crafted JavaScript to the target...

PT-2024-3606 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.1.0.23997 Description: A type confusion vulnerability exists in the way Foxit Reader handles a Lock object. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to...

PT-2023-3891 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 12.1.2.15332 Description: A use-after-free vulnerability exists in the way Foxit Reader handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously...

CVE-2018-4911

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The...