Vulnerabilities

CVE-2025-66500

by Fred · 19/12/2025

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.

More information : https://www.foxit.com/support/security-bulletins.html

Similar

Tags: Cybersecurity Alert