26 matches found
CVE-2026-4947
Foxit eSign was affected by an insecure direct object reference (IDOR) in the signing invitation acceptance flow. The root cause was insufficient authorization validation on referenced resources during request processing, potentially allowing an attacker to access or modify unauthorized resources...
Foxit eSign security vulnerability
Foxit eSign is an electronic signature service software developed by the American company Foxit. Versions of Foxit eSign prior to 2026‑01‑16 contained security vulnerabilities. These vulnerabilities stemmed from URL parameters being directly embedded into JavaScript code or HTML attributes withou...
CVE-2025-66501
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-66501
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-66501
Foxit pdfonline.foxit.com Predefined Text in Foxit eSign is affected by a stored XSS via the Identity field “First Name,” where unsanitized input is rendered into the DOM when predefined text is used or document properties are viewed. The description is consistently reported across CVE entries (N...
CVE-2025-66501 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
EUVD-2025-204459
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-66501 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
PT-2025-52429
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
EUVD-2025-17305
Malicious code in bioql PyPI...
MAL-2025-5910 Malicious code in ent-esign-newweb (npm)
Source: ghsa-malware 07c7bcd6c3ad603762deb743d81c44dda73a6abd324f8916a36a46f065c1cb8d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ent-esign-newweb (npm)
Source: ghsa-malware 07c7bcd6c3ad603762deb743d81c44dda73a6abd324f8916a36a46f065c1cb8d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in esign-frontend (npm)
Source: ghsa-malware 95776f5b7e274091b8f6f9a4fb620ad2a23f0b693413005faec7c8d348f97a21. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5776 Malicious code in esign-frontend (npm)
Source: ghsa-malware 95776f5b7e274091b8f6f9a4fb620ad2a23f0b693413005faec7c8d348f97a21. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-49419
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3...
CVE-2025-49419
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3...
CVE-2025-49419 WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3...
CVE-2025-49419
CVE-2025-49419 pertains to Foxit eSign for WordPress. The connected sources describe an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability, enabling retrieval of embedded sensitive data. Affected product: Foxit eSign for WordPress, versions from n/a through 2...
CVE-2025-49419 WordPress Foxit eSign for WordPress plugin <= 2.0.3 - Other Vulnerability Type Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3...
PT-2025-24256 · Foxit · Foxit Esign
Name of the Vulnerable Software and Affected Versions: Foxit eSign for WordPress versions 2.0.3 and earlier Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For Foxit eSign...