vulnerability

Foxit Reader: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-27517)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jul 20, 2021
Added
Apr 20, 2023
Modified
Apr 20, 2023

Description

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).

Solution

foxit-reader-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.