CVE-2025-66521

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 92.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF Editor CloudFoxit Software Inc. Pdfonline.foxit.com
Timeline
PublishedDec 19

Description

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the Trusted Certificates view is loaded.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:NExploitability: 2.1 | Impact: 4.2

Affected Packages2 packages

CVEListV5foxit_software_inc./pdfonline.foxit.combefore 2025‑12‑01
NVDfoxit/pdf_editor_cloud< 2025-12-01

🔴Vulnerability Details

2
GHSA
GHSA-8wr8-qf33-p6vc: A stored cross-site scripting (XSS) vulnerability exists in pdfonline2025-12-19
CVEList
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature2025-12-19
CVE-2025-66521 (MEDIUM CVSS 5.4) | A stored cross-site scripting (XSS) | cvebase.io