216.73.217.86

CVE-2025-66522

· Published 19/12/2025 08:15 · Modified 23/12/2025 17:33

Labels: CVE-2025-66522 14984358-7092-470d-8f34-ade47a7658a22025-12-19CVE-2025-66522

Essential information

Published
19/12/2025 08:15
Modified
23/12/2025 17:33
Author
Creator
CVSS
6.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS metrics

Description

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the Digital IDs dialog is accessed or when the affected PDF is loaded.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
14984358-7092-470d-8f34-ade47a7658a2
NVD
View on NVD

Affected products (CPE)

ProductCPE
foxit / pdf editor cloud cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*

References