CVE-2021-27517
published 2021-07-20CVE-2021-27517: Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | phantompdf | <= 9.7.5.29616 | — |
| foxit | phantompdf | 10.0.0.0 – 10.1.3.37598 | — |
| foxit | reader | <= 10.1.3.37598 | — |