Foxit PDF Editor Cloud Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in the Digital IDs feature of Foxit PDF Editor Cloud. The issue arises because the application fails to properly sanitize the Common Name field in Digital IDs before adding user-supplied content to the Document Object Model (DOM). This lack of proper encoding allows embedded HTML or JavaScript to execute when the Digital IDs dialog is opened or when the affected PDF is viewed.
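The missing output encoding described above, shown as an added example that is not Foxit's code: a row renderer that concatenates the Common Name into HTML, next to a version that encodes it first. The function names, the `digital-id` class and the sample records are hypothetical and constructed for illustration.

```javascript
// Added illustration; all names are hypothetical, not taken from Foxit's code.

// Constructed sample: two Digital IDs, one whose Common Name carries markup.
const sampleIds = [
  { commonName: 'Alice Example', issuer: 'Example CA' },
  { commonName: 'Bob <img src=x onerror="alert(1)">', issuer: 'Example CA' },
];

// Vulnerable pattern: the Common Name is concatenated into HTML as-is, so
// assigning the result to element.innerHTML makes the browser parse it as markup.
function renderRowUnsafe(id) {
  return '<li class="digital-id">' + id.commonName + ' (' + id.issuer + ')</li>';
}

// Encode the characters that are significant in HTML text and quoted
// attribute values. '&' is replaced first to avoid double-encoding.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened pattern: every certificate-derived field is encoded on output.
// In a browser, setting li.textContent instead of innerHTML has the same effect.
function renderRowSafe(id) {
  return '<li class="digital-id">' + escapeHtml(id.commonName) +
         ' (' + escapeHtml(id.issuer) + ')</li>';
}

// Regression check: a correctly encoded row contains only the <li> wrapper,
// i.e. exactly two tags (opening and closing).
function countTags(html) {
  return (html.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

console.log(countTags(renderRowUnsafe(sampleIds[1]))); // 3
console.log(countTags(renderRowSafe(sampleIds[1])));   // 2
```

The same encoding has to be applied wherever the Common Name is rendered, which per the description includes both the Digital IDs dialog and the PDF view.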
Impact
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the user.
Remediation
Users can update to the latest version of Foxit PDF Editor Cloud, which includes security and stability enhancements. No action is needed for those already using the updated version.
