216.73.217.176

CVE-2025-66519

· Published 19/12/2025 08:15 · Modified 23/12/2025 17:34

Labels: CVE-2025-66519 14984358-7092-470d-8f34-ade47a7658a22025-12-19CVE-2025-66519

Essential information

Published
19/12/2025 08:15
Modified
23/12/2025 17:34
Author
Creator
CVSS
6.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS metrics

Description

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected script executes when the Layers panel is accessed.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
14984358-7092-470d-8f34-ade47a7658a2
NVD
View on NVD

Affected products (CPE)

ProductCPE
foxit / pdf editor cloud cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*

References