216.73.217.86

CVE-2025-66520

· Published 19/12/2025 08:15 · Modified 23/12/2025 17:33

Labels: CVE-2025-66520 14984358-7092-470d-8f34-ade47a7658a22025-12-19CVE-2025-66520

Essential information

Published
19/12/2025 08:15
Modified
23/12/2025 17:33
Author
Creator
CVSS
6.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS metrics

Description

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a crafted SVG may execute whenever the Portfolio file list is rendered.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
14984358-7092-470d-8f34-ade47a7658a2
NVD
View on NVD

Affected products (CPE)

ProductCPE
foxit / pdf editor cloud cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*

References