CVE-2025-66523

EPSS 0.04%
Veröffentlicht 20.01.2026 06:51:34
Zuletzt bearbeitet 09.04.2026 14:48:56
Quelle 14984358-7092-470d-8f34-ade47a
CVE-Watchlists
Login
Unerledigt
Login

Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com via Unsanitized URL Parameters

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.






This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Esign Version < 2026-01-16

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
14984358-7092-470d-8f34-ade47a7658a2	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.foxit.com/support/security-bulletins.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-66523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66523

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66523