Lucene search
K

859 matches found

EUVD
EUVD
added 2026/02/03 7:59 a.m.6 views

EUVD-2026-5315

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS5.4AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 7:59 a.m.31 views

CVE-2026-1592 Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 7:57 a.m.6 views

EUVD-2026-5187

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS5.3AI score0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 7:57 a.m.4 views

CVE-2026-1591

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS5.3AI score0.00195EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6047

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor Cloud versions prior to 2026-02-03 Description Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting issue in the file upload feature. A malicious username is embedded into the upload file list without proper...

6.3CVSS5.4AI score0.00195EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6048

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor Cloud pdfonline versions prior to 2026-02-03 Description Foxit PDF Editor Cloud pdfonline has a stored cross-site scripting issue in the Create New Layer feature. The application embeds unsanitized user input into the HTML...

6.3CVSS5.4AI score0.00195EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

PDF Complete code issue vulnerabilities

PDF Complete is a PDF editor developed by PDF Complete Inc. Version 3.5.310.2002 of PDF Complete has a code vulnerability that stems from the lack of quotation marks around the pdfsvc.exe service path, which may lead to privilege escalation...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.4 views

CVE-2021-41784

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...

7.8CVSS7.8AI score0.0068EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.15 views

CVE-2022-37377

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

7.8CVSS6.7AI score0.00995EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.15 views

CVE-2022-37378

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.6AI score0.01016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 8:14 a.m.17 views

CVE-2025-66522

A stored cross-site scripting XSS vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud pdfonline.foxit.com. The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result,...

6.3CVSS5.6AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 8:14 a.m.6 views

CVE-2025-66520

A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

6.3CVSS5.7AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 7:11 a.m.7 views

CVE-2025-66493

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced,...

7.8CVSS7.5AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2025/12/19 8:15 a.m.5 views

CVE-2025-66520

A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

6.3CVSS0.0015EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 8:15 a.m.3 views

CVE-2025-66520

A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

5.4CVSS5.7AI score0.0015EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 8:15 a.m.4 views

CVE-2025-66522

A stored cross-site scripting XSS vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud pdfonline.foxit.com. The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result,...

5.4CVSS5.7AI score0.0015EPSS
Exploits0References1
NVD
NVD
added 2025/12/19 8:15 a.m.7 views

CVE-2025-66522

A stored cross-site scripting XSS vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud pdfonline.foxit.com. The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result,...

6.3CVSS0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/19 7:30 a.m.4 views

EUVD-2025-204456

A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

6.3CVSS5.2AI score0.0015EPSS
Exploits0References2
CVE
CVE
added 2025/12/19 7:30 a.m.12 views

CVE-2025-66520

CVE-2025-66520 affects the Foxit PDF Editor cloud (pdfonline.foxit.com) in its Portfolio feature. The vulnerability is a stored XSS caused by user-supplied SVG files not being properly sanitized or validated before insertion into the HTML structure, enabling embedded HTML/JavaScript to execute wh...

6.3CVSS5.3AI score0.0015EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/19 7:30 a.m.4 views

CVE-2025-66520 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling

A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

6.3CVSS5.3AI score0.0015EPSS
Exploits0References1
Rows per page
Query Builder