vulnerability
Foxit Reader: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-27517)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jul 20, 2021 | Apr 20, 2023 | Apr 20, 2023 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jul 20, 2021
Added
Apr 20, 2023
Modified
Apr 20, 2023
Description
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
Solution
foxit-reader-upgrade-latest

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.