2 matches found
CVE-2025-66502
A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...
CVE-2025-66521
Summary: CVE-2025-66521 is a stored XSS in Foxit’s pdfonline.foxit.com, specifically in the Trusted Certificates feature. What’s affected: The certificate name field accepts crafted input that is later rendered into the DOM without proper sanitization. Root cause: Insufficient sanitization of the...