6.3
CVE-2025-66502 - Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affectedβ¦
6.3
CVE-2025-66501 - Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity βFirst Nameβ field, which is later rendered into the DOM without proper sanitization. As a result, the injeβ¦
6.3
CVE-2025-66500 - Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.
7.8
CVE-2025-66499 - Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
5.3
CVE-2025-66498 - Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
5.3
CVE-2025-66497 - Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
5.3
CVE-2025-66496 - Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
7.8
CVE-2025-66495 - Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allβ¦
7.8
CVE-2025-66494 - Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.
7.8
CVE-2025-66493 - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, poteβ¦