216.73.217.120

CVE-2025-66500

· Published 19/12/2025 08:15 · Modified 23/12/2025 17:33

Labels: CVE-2025-66500 14984358-7092-470d-8f34-ade47a7658a22025-12-19CVE-2025-66500

Essential information

Published
19/12/2025 08:15
Modified
23/12/2025 17:33
Author
Creator
CVSS
6.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS metrics

Description

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
14984358-7092-470d-8f34-ade47a7658a2
NVD
View on NVD

Affected products (CPE)

ProductCPE
foxit / pdf editor cloud cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*

References