Filtered by vendor Foxitsoftware Subscriptions
Filtered by product Webplugins Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-66500 1 Foxitsoftware 1 Webplugins 2025-12-22 6.3 Medium
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.