Foxit Products Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Foxit PDF Reader and Foxit PDF Editor. This vulnerability exists in versions through 2025.2.1.33197 for Foxit PDF Reader and versions through 2025.2.1/14.0.1/13.2.1 for Foxit PDF Editor. The issue arises in the webplugins.foxit.com service, where a postMessage handler fails to properly validate the message origin. This flaw allows attackers to execute arbitrary JavaScript by sending crafted postMessages that are not adequately checked before being processed.
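The class of flaw described above, as an added example that is not Foxit's code and does not come from the advisory: a hypothetical `message` handler with no origin check beside a hardened one. The origins, the message schema and all function names are assumptions made for illustration.

```javascript
// Hypothetical handlers for illustration; origins and schema are constructed.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);

// Vulnerable pattern: event.origin is never inspected and the payload is
// treated as markup (in a browser this would be an innerHTML assignment).
function vulnerableHandler(event, sink) {
  sink.html = event.data && event.data.title;
  return true; // every sender is accepted
}

// Hardened pattern: exact-match origin allowlist, strict message schema,
// and the payload handled as text (textContent in a browser).
function hardenedHandler(event, sink) {
  if (!TRUSTED_ORIGINS.has(event.origin)) return false; // no substring or suffix matching
  const msg = event.data;
  if (msg === null || typeof msg !== "object") return false;
  if (msg.type !== "setTitle" || typeof msg.title !== "string") return false;
  if (msg.title.length > 200) return false;
  sink.text = msg.title;
  return true;
}

// Constructed sample events shaped like MessageEvent ({origin, data}).
const SAMPLES = [
  { label: "trusted origin, valid message",
    origin: "https://app.example.com", data: { type: "setTitle", title: "Report.pdf" } },
  { label: "lookalike origin",
    origin: "https://app.example.com.attacker.test", data: { type: "setTitle", title: "<b>markup</b>" } },
  { label: "opaque origin (sandboxed frame)",
    origin: "null", data: { type: "setTitle", title: "<b>markup</b>" } },
  { label: "trusted origin, unexpected message type",
    origin: "https://app.example.com", data: { type: "render", title: "x" } },
  { label: "trusted origin, non-string payload",
    origin: "https://app.example.com", data: { type: "setTitle", title: { nested: true } } },
];

// Runs every sample through both handlers and reports which were accepted.
function runSamples() {
  return SAMPLES.map((s) => ({
    label: s.label,
    vulnerable: vulnerableHandler(s, {}),
    hardened: hardenedHandler(s, {}),
  }));
}

for (const r of runSamples()) {
  console.log(`${r.label}: vulnerable=${r.vulnerable} hardened=${r.hardened}`);
}
// In a page: window.addEventListener("message", (e) => hardenedHandler(e, sink));
```
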
Impact
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the user.
Remediation
Users can update to Foxit PDF Reader 2025.3 or Foxit PDF Editor 2025.3/14.0.2/13.2.2. Instructions for updating are available on the Foxit website.
