CVE-2025-66523

CVE-2025-66523 reflects a Cross-Site Scripting (XSS) issue in na1.foxitesign.foxit.com prior to 2026-01-16, caused by URL parameters being embedded directly into JavaScript code or HTML attributes without proper encoding or sanitization. An authenticated user can trigger script injection by visit...

CVE-2026-4947

Foxit eSign was affected by an insecure direct object reference (IDOR) in the signing invitation acceptance flow. The root cause was insufficient authorization validation on referenced resources during request processing, potentially allowing an attacker to access or modify unauthorized resources...