vulnerability

Foxit Reader: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-27517)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 20, 2021	Apr 20, 2023	Apr 20, 2023

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 20, 2021

Added

Apr 20, 2023

Modified

Apr 20, 2023

Description

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).

Solution

foxit-reader-upgrade-latest

References

CVE-2021-27517
https://attackerkb.com/topics/CVE-2021-27517
URL-https://www.foxitsoftware.com/support/security-bulletins.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today